Solved: ISE Questions - Urgent

rshehov · ‎10-10-2018

HI all,

Is it possible someone to help me out with the following questions in regards of ISE please ?

Is it possible to achieve the following with ISE ?

Publish single SSID for GovRoam

If internal user authenticated then dynamically assign user to a Corporate VLAN (Local

If External user authenticated then route traffic via Guest Anchor controller

Thank you for your input in advance.

Regards

Ross

howon · ‎10-10-2018

This is not possible due to WLC limitation. A given WLAN is either auto-anchored or not and it cannot be both non-anchored and auto-anchored based on user/endpoint currently. We can assign different VLANs based on user/endpoint type and guest VLAN can be mapped to a vrf that gets handled differently.

View solution in original post

howon · ‎10-10-2018

This is not possible due to WLC limitation. A given WLAN is either auto-anchored or not and it cannot be both non-anchored and auto-anchored based on user/endpoint currently. We can assign different VLANs based on user/endpoint type and guest VLAN can be mapped to a vrf that gets handled differently.

rshehov · ‎10-11-2018

Many thanks for your great input.

Regards

Ross

rshehov · ‎10-11-2018

I was thinking that we can route external users when authenticated to guest Anchor controller. However you mentioned that this is not possible. Is this the case or I am getting this one wrong ?

howon · ‎10-11-2018

When you have a WLAN mapped from foreign to anchor (guest), all traffic will get anchored regardless of who connects to the WLAN. One can't choose some users to be anchored on foreign controller and others through the anchor controller on the same WLAN.