Hello,
I have a TLS secure network and based upon the authentication the clearpass server returns a corresponding role with a vlan in it for the user/device to be on. This all works great, but one thing I've run across is that For our internal vlan's we allow client to client traffic, but for our BYOD vlan's we want client isolation on. How is this one when the same SSID is used for both purposes? The address subnet is different between vlans, so is there a way that I perform this via the controller firewall instead of client isolation?