Hello guys,
we have the following requirements for our ISE Guest Access Deployment:
We want to provide guest access but only to non Company Laptops. To check if the Laptop is company or a non company Laptop we have have all MAC Addresses in our ACS server. So in my understanding we have to to the following.
Check the MAC Address against the External Radius Server (ACS)
If Access-Accept returns -> Deny Access
If Access-Deny returns -> Check MAC Address against Internal Endpoint Store
If User not found -> Guestflow
Right now i don´t no how i can sould design it but i need two Authentication Policys first for the redirect to the External Radius and then another one for check against internal Identity Endpoint Store. Am i right ? I don´t know if that is possible.
Really thanks for your help!!
Greetings
Philip
