I have managed to set up Cisco ISE and redirection is working fine, but my problem is to separate guest traffic from the corporate traffic. Here is a brief scenario of what I have running:
The layer three switch has only fiber ports.
All the switches connect to the core switch (L3), and access points are distributed to all the switches that are in various parts of the building.
The WLC connects to the core switch.
Everything is in the default VLAN 1.
The internal WLAN is being authenticated by Active Directory on the DHCP server, which is also providing DHCP services (this is before ISE was introduced).
The ISE server is the RADIUS server.
This is what I have been trying to do:
I have configured another VLAN (20) for the guest WLAN and configured a sub-interface on the router for it.
I have configured the router as the DHCP server for VLAN 20, tested it, and it is working fine.
When I put the guest WLAN in the guest VLAN on the controller, redirection ceases to occur, even if I put the ISE server in this VLAN.
Here are my questions:
Can I restrict guests from accessing my corporate network via an access-list?
Do I need to change the native VLAN?
Or what can I do to make this scenario work in such a way that the internal WLAN is authenticated by the AD, the guest VLAN is authenticated by ISE, and guests are restricted from accessing the internal network?
I have attached a picture of what my topology looks like.