Requirement: Restrict Partner access to specific destination onl

Solution: Using WLAN with ISE you can restrict partner providing specific destination only

Step1: Create WLAN with Mac Filtering and Allow AAA Override should be enabled.(This should be enable in order to push Airspace ACL from ISE)

  Create ALC on WLAN which destination you want to apply.

Step 2: Create an Authorization policy

Step 3: Create Local Identity Group with an user.

Go to Administration>Identity Management> Groups>User Identity Groups

Then create an local user in ISE selecting created user group.

Step 4: Create and authentication policy with Wireless MAB

Step 5:Then create an authentication policy

Here red marked option is created identity group.

Using this policy you can restrict onsite partner access where every partner will have respective destination access using same WLAN and Same source ip block.

Identity base ACL will pushed.