Hi all,
I have just deployed two SSIDs on a 7210 Mobility Controller at a client site. Lets call the SSIDs 'Guest' and 'Corp'.
The client uses a completely flat /16 network so I have used the Single VLAN design and used ClearPass to pass seperate user roles/firewall polices back to the Controller for network segregation.
The problem is that the client uses an upstream proxy server to authenticate users. We wish to bypass authentication on the Proxy for 'Guest' users, but can't do this by source IP address range due to the single large subnet.
The only other way I can think of doing this, would be to NAT all guest users behind a single IP address on the Controller and use this IP address in the bypass authentication rules, however they reside behind the same interface as the corp users so I'm not sure how to achieve this.
Is it possible to nat users based on the SSID they connect to?
If not, are there any alternative solutions to bypass proxy auth for guest users as part of a single VLAN design?
-Brett