I'm looking into a network access control solution, and I have the following questions:
1- My understanding is that ACS assigns unauthorized assets to a guest vlan/zone, but what happens next if access to resources (such as internet) requires authentication? In other words, does an ACS-only solution imply manual guest access provisioning, as opposed to automatic provisioning with an overlay NAC Guest server?
2- Captive portal vs. Webauth: My understanding is that ACS alone does not provide a captive portal for guests. It only provides a webauth feature that is mainly a fallback authentication mechanism for employees/managed assets, not guests/unmanaged assets. Is this correct?
3- Finally, the Trustsec v2.00 document (http://www.cisco.com/en/US/docs/solutions/Enterprise/Security/TrustSec_2.0/trustsec_2.0_dig.pdf) mentions “Cisco TrustSec 2.0 adds support for Wireless user access. With Cisco TrustSec 2.0, Cisco ISE provides the same authentication methods regardless of user access methods, which could be from wired line or Wi-Fi connection”. Does this mean that ACS has limitations to support wireless connections?