Hi,

We are using a Cisco legacy WLC setup within our environment. For guests we are using a WLC anchor (sits within the DMZ) solution to segregate guest SSID traffic from corporate traffic. ISE is placed within the DMZ and is pushing the self-registration/sponsor page for guests, and this works fine.

Now we are moving towards Meraki, and management requests the same setup for Meraki as well. We have a requirement to isolate guest SSID traffic by having the guest SSID tunnel with an MX appliance in the DMZ, which is quite clear. However, I am confused about the role of ISE within the DMZ segment, that is, how ISE will push RADIUS attributes over the tunnel.

The traffic flow is as follows:

Guest --- Guest SSID (Tunnel) --- Branch Gateway --- MPLS Cloud --- DC --- DMZ --- MX Appliance (Tunnel with guest SSID) --- Internet

We need to have a similar setup to the legacy controller, where ISE is pushing the guest login pages. What is the best way to isolate guest traffic all the way from the branch to the DMZ and keep ISE for self-registration? We do not have internet at the branches.