cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
The ISE 2.5 Beta software is now available! Join the ISE Beta Community to try it in your lab!
84
Views
0
Helpful
4
Replies
Beginner

Network access for IoT and Guest devices on the same SSID using ISE 2.3

We are currently setting up a PoC where we want to provide authenticated wireless network access to both IoT devices and Guest users on the same SSID. We'll be testing Meraki and Aruba kit against the same ISE 2.3 server and we were wondering if this is possible at all. Can the ISE server have a policy which first checks the MAC address of the client against the MAB table and if no match found, then returns a Splash page to the client?

Or is there no way to get a spalsh page without the initial HTTP GET from the client??

Many thanks for your comments!

 

Gerry

 

 

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Network access for IoT and Guest devices on the same SSID using ISE 2.3

Yes ise authorization policies can say

If macendpoint iot group then grant iot access and SGT
If guest endpoints then grant guest access (part of guest registration flow) SGT
Other redirect to portal

I don’t believe putting iot on same ssid is going to be a good practice however. Likely you’d want them isolated
4 REPLIES
Cisco Employee

Re: Network access for IoT and Guest devices on the same SSID using ISE 2.3

Yes ise authorization policies can say

If macendpoint iot group then grant iot access and SGT
If guest endpoints then grant guest access (part of guest registration flow) SGT
Other redirect to portal

I don’t believe putting iot on same ssid is going to be a good practice however. Likely you’d want them isolated
Beginner

Re: Network access for IoT and Guest devices on the same SSID using ISE 2.3

Hi Jason,

thanks for your reply, much appreciated.

The idea is to have only 2 SSIDs company wide, one secure, one not - hence the idea of IoT and guest on the same SSID. We'll see if this is possible at all with Meraki and Aruba.

Thanks

 

Gerry

 

Cisco Employee

Re: Network access for IoT and Guest devices on the same SSID using ISE 2.3

Its possible with ISE. Just have to think about how you want to work. I sent you the info
Highlighted
Collaborator

Re: Network access for IoT and Guest devices on the same SSID using ISE 2.3

is this something work for you, you need to tweak the requirements and test it.

 

https://community.cisco.com/t5/security-documents/ise-hotspot-portal-with-links-to-employee-or-vendor-portals/ta-p/3643513

BB
*** Rate All Helpful Responses ***
CreatePlease to create content
Ask the Expert- Introduction to Network Design