Hi,
My guests get an IP from the controller and the controller is the default gateway for the users. The are allowed to reach clearpass using ESI server/group to authenticate and all.
My issue is that guests users are able to access the web UI for the controller and putting an ACL(blocking svc-http and https to the destination of the controller IP address) on the guest role breaks some internet functionality for the guests, I even tried to only block tcp-4343 but it still broke some webb sites redirects.
Any thoughts?