Hey Folks,
Just trying to wrap my head around a configuration and how to implement it. Here is what we want to do:
1 - Place all users connecting to "GUEST-ACCESS" into an isolated VLAN.
2 - Force users to a captive portal, with both guest and authenticated user logins enabled.
3 - Have "guest" users stay in this isolated VLAN with limited access to external sites (as defined by whitelist).
4 - Have "authenticated" users be dropped into an alternate VLAN with access to a broader scope of URL's (as enforced by proxy) and access to VPN/VDI infrastructure.
I have been able to define the the "GUEST-ACCESS" ssid and force users to the captive portal. I can configure the whitelist, and prevent guest users from accessing anything else. Unfortunately the objective I am hung up on is #4. I have defined the Role VLAN ID in each of the user roles (authenticated and un-authenticated) however this seems to make no difference. As part of the Virtual AP configuration I set the VLAN to the isolated one (to ensure the clients get DHCP addresses from the isolated VLAN).
Thoughts? Is this possible? Or I am completely out to lunch?
Thanks,
Rick