Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
522
Views
0
Helpful
3
Replies

Wired Guest Using ISE Interface

bret
Level 3
Level 3

‎03-23-2015 09:14 AM - edited ‎03-10-2019 10:34 PM

Ive scoured the forums for a solution but struck out looking for design tips. I have a centralized guest wireless using ISE with CWA on an anchor controller and it works great. Now I need to create wired guest network for my remote sites. Is this possible using an interface on my 3415 running ISE, or can the anchor controller be used some how?

The 3415 sits in my Pennsylvania data center. It has a new dedicated interface going to the internet for guest traffic. Can this interface be used as a redirect for a guest at a remote site? If so, is there documentation detailing the basic steps to implement this?

Thanks in advance!

Labels:
0 Helpful
3 Replies 3

Justin bollinger
Level 1
Level 1

‎03-23-2015 01:15 PM

If you are already authenticating your wireless users and anchoring them to a DMZ you can do the same with wired users as long as you have a foreign controller layer 2 adjacent to the wired guests.  

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/99470-config-wiredguest-00.html

You would just need to set the VLAN on the port for the guest users, or if you want you can use ISE wired AuthZ policy to place the guest users into the correct VLAN, or FlexAuth using guest VLANs.  

0 Helpful

bret
Level 3
Level 3
In response to Justin bollinger

‎03-23-2015 01:27 PM

Thanks Justin, but thats the problem. Both the foreign and anchor controller sit in the data center. There are no remote controllers.

0 Helpful

Justin bollinger
Level 1
Level 1
In response to bret

‎03-23-2015 02:21 PM

Is there a requirement that the Guest traffic is tunneled to the DMZ where the anchor controller is?

 

You can still utilize ISE to assign the guest vlan ID and use PBR/GRE tunnels to get the traffic to the DMZ, but again I am making some assumptions on the type of equipment that you have at the remote sites.  

 

What equipment do you have at the remote sites?  Include the licensing level for routers/L3 switches

0 Helpful
Customers Also Viewed These Support Documents