Cisco ISE 2.x - Multiple sites

jordyjoossens · ‎02-08-2017

Hi Everyone,

I'm currently working a few things out with ISE and I'm stuck with multi site guest portals.

For example, I have site A, B and C.

I've installed an ISE server (standalone) on a server in site A. I've created a guest portal and did the necessary configuration on the WLC so that my portal comes up when I try to connect to my Guest SSID.

For this to work I had to configure a NIC with a static IP address in my guest VLAN on the ISE server and in the Guest Portal section I've selected the NIC to use that interface.

So locally everything is running fine now.

But I would like to create a guest SSID as well on the WLC's of site B and C which will use the ISE server located in site A. All sites are connected with site-to-site vpn's.

If I let the Guest Portal run on the Gigabitethernet 0 interface (which is in another subnet than the guest vlan) and I connect to the SSID, it tries to resolve the DNS name, which it can't because they are in different subnets.

Has anyone of you tried to setup a similar build and if so, how did you do it?

Thanks in advance,

J.

Rahul Govindan · ‎02-08-2017

I have not a case similar to this, but usually when my internal DNS server is kept away from my Guest network, I usually change the redirect url to use the IP address instead of the FQDN. But, this causes a cert error for the users when they access the https ISE guest portal.