We as an institution have Eduraom implemented, but we want separation of internal user vs external users that come from different institutions and give lesser access to external users.
Both internal and external client joins the eduroam network get the IP and then are authenticated/authorized by ISE.
Gateway for Eduroam SSID is a firewall. Would it be possible to assign external users a different IP range than internal or is there some other way I should be looking at separating internal and external users.