I have two SSIDs on WLC, the first is related with ISE Guest Portal and the second is related with employee but i realize that the
Guest user can access the employee SSID and employee accounts can access the Guest portal page.
I guess this is happen because i cannot split these databases under "Internal Users" on Authentication Policy.
How can i restrict the access even if i am using the internal databse?
thanks a lot
i could get restrictions using the Authorization profile, where i put the condition using the Guest identity and the Wlan ID will get the deny access restriction.
If anyone has a different way to apply, please let me know!
using the Authorization policy is the right way. Match the corp ID store to the corp WLAN SSID ID in the AuthZ policy, for example (where Employee is your corp ID store and yyyy is the name of your corp SSID):
you can also make @ one group user for guest and employee and define it to match the policy for them in authZ policy...