Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
109
Views
0
Helpful
1
Replies

Can Two SSIDs, One Guest One 802.1x, share the same VN/IP Pools?

lancenichols
Level 1
Level 1

‎07-22-2024 09:36 AM

In traditional WLC deployments you can offload multiple SSIDs off into the same VLAN. Our use case is having a Guest SSID that uses portals, but some Guest organizations that are onsite all of the time want to do 802.1x authentication.  In traditional deployment I simply have two SSIDs, one Guest that does RADIUS to a set of portal PSNs, and another SSID doing 802.1x to a dedicated set of PSNs that will do 802.1x for groups that will supply us their devices certificate sets.  Since both user groups are "Guests" in our view, we have no issue with both being put in the same VLAN, or VN in SD-Access world.  Is this configuration possible in an SD-Access environment?

Labels:
0 Helpful
1 Reply 1

andy!doesnt!like!uucp
Spotlight
Spotlight

‎07-22-2024 09:55 AM - edited ‎07-22-2024 10:01 AM

i guess it's pretty possible but u still have to use 2 different SSIDs as u cannot combine 2 different AuthC methods within single SSID.
But with ISE u can recognize guests connected to dot1x-configured SSID & return Guest VLAN to WLC for successfully authenticated client to land him in Guest SVI.
please also look here SDA Fabric Wireless & dynamic vlan authorisation! - Cisco Community
this topic is about using single SSID to land clients in different VLANs but it gives some clue on how u can achieve your task
UPD. just noticed that u r going to use 2 different SSIDs. So that's proper way to go. Please keep tread updated with result 

0 Helpful
Customers Also Viewed These Support Documents