Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1277
Views
0
Helpful
4
Replies

Network access for IoT and Guest devices on the same SSID using ISE 2.3

Go to solution
gekob
Level 1
Level 1

‎12-04-2018 10:02 PM - edited ‎03-11-2019 01:52 AM

We are currently setting up a PoC where we want to provide authenticated wireless network access to both IoT devices and Guest users on the same SSID. We'll be testing Meraki and Aruba kit against the same ISE 2.3 server and we were wondering if this is possible at all. Can the ISE server have a policy which first checks the MAC address of the client against the MAB table and if no match found, then returns a Splash page to the client?

Or is there no way to get a spalsh page without the initial HTTP GET from the client??

Many thanks for your comments!

 

Gerry

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-05-2018 04:17 AM

Yes ise authorization policies can say

If macendpoint iot group then grant iot access and SGT
If guest endpoints then grant guest access (part of guest registration flow) SGT
Other redirect to portal

I don’t believe putting iot on same ssid is going to be a good practice however. Likely you’d want them isolated

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-05-2018 04:17 AM

Yes ise authorization policies can say

If macendpoint iot group then grant iot access and SGT
If guest endpoints then grant guest access (part of guest registration flow) SGT
Other redirect to portal

I don’t believe putting iot on same ssid is going to be a good practice however. Likely you’d want them isolated
0 Helpful

Go to solution
gekob
Level 1
Level 1
In response to Jason Kunst

‎12-06-2018 12:09 AM

Hi Jason,

thanks for your reply, much appreciated.

The idea is to have only 2 SSIDs company wide, one secure, one not - hence the idea of IoT and guest on the same SSID. We'll see if this is possible at all with Meraki and Aruba.

Thanks

 

Gerry

 

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to gekob

‎12-06-2018 12:21 PM

Its possible with ISE. Just have to think about how you want to work. I sent you the info
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-05-2018 04:23 AM

is this something work for you, you need to tweak the requirements and test it.

 

https://community.cisco.com/t5/security-documents/ise-hotspot-portal-with-links-to-employee-or-vendor-portals/ta-p/3643513

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents