06-22-2021 12:07 AM - edited 07-02-2021 09:35 PM
We are using Centralized controllers with flexconnect access points. Requirement came from client that guest users be able put on a VLAN that is not routable internally yet we want them to authenticate against ISE and get a AUP splash page before getting on the guest wireless. We brought up the issue that if the end device cannot reach ISE then we can't get the splash page and therefore no guest access.
The suggestion came that we put the clients on a temporary routable VLAN that can talk the ISE, and then after accepting the policy they can then be put on the guest vlan.
After experimenting with this this is where I'm at:
Appreciate any thoughts on this to make it work. We are using ISE 2.7 and 8540 controllers running 8.5
Thanks!
Solved! Go to Solution.
06-23-2021 12:00 AM
06-22-2021 07:50 AM
That should work. I would set the lease expiration even down to 30 seconds.
Do you see on the WLC that the client actually gets assigned a new VLAN after accepting the splash page?
Does that virtual-interface has the correct IP address and gateway configured for the new VLAN?
06-22-2021 08:31 AM
06-23-2021 12:00 AM
06-23-2021 12:07 AM
06-23-2021 12:22 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide