https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249691#M112284 <P>Hello!</P><P>The question is about provisioning different types of wifi clients through the ISE Guest portal.</P><P>ISE 1.1.4, WLC 7.4.100 (Guest WLAN uses MAB)</P><P></P><P>Suppose, there are two groups of wireless clients:</P><P>1) guest user, which credentials are created through the ISE Sponsor Portal</P><P>2) domain user, who has credentials in ActiveDirectory</P><P></P><P>The aim is to provision domain user, and not provision guest user.</P><P></P><P>When client connects to Guest SSID and opens the browser, he is redirected to ISE Guest portal.</P><P>When client uses domain user, he is provisioned, and when uses guest credentials he is not provisioned</P><P></P><P>How ISE understands, that <SPAN style="font-size: 10pt;">domain user must be provisioned and </SPAN><SPAN style="font-size: 10pt;">guest user must <STRONG>not</STRONG> be provisioned if Web portal is configured to provision everyone?</SPAN></P><P><SPAN style="font-size: 10pt;">(Web Portal -&gt; Settings -&gt; Enable Self-Provisioning flow)</SPAN></P> Tue, 26 Mar 2019 00:30:32 GMT Jaaazman777 2019-03-26T00:30:32Z https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249691#M112284 <P>Hello!</P><P>The question is about provisioning different types of wifi clients through the ISE Guest portal.</P><P>ISE 1.1.4, WLC 7.4.100 (Guest WLAN uses MAB)</P><P></P><P>Suppose, there are two groups of wireless clients:</P><P>1) guest user, which credentials are created through the ISE Sponsor Portal</P><P>2) domain user, who has credentials in ActiveDirectory</P><P></P><P>The aim is to provision domain user, and not provision guest user.</P><P></P><P>When client connects to Guest SSID and opens the browser, he is redirected to ISE Guest portal.</P><P>When client uses domain user, he is provisioned, and when uses guest credentials he is not provisioned</P><P></P><P>How ISE understands, that <SPAN style="font-size: 10pt;">domain user must be provisioned and </SPAN><SPAN style="font-size: 10pt;">guest user must <STRONG>not</STRONG> be provisioned if Web portal is configured to provision everyone?</SPAN></P><P><SPAN style="font-size: 10pt;">(Web Portal -&gt; Settings -&gt; Enable Self-Provisioning flow)</SPAN></P> Tue, 26 Mar 2019 00:30:32 GMT https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249691#M112284 Jaaazman777 2019-03-26T00:30:32Z https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249692#M112298 <HTML><HEAD></HEAD><BODY><P>The answer is that typically you either know that MAC address or you have someting installed (NAC agent?) and fulfill some requirements. </P><P></P><P>Alternative, you can perform CWA first (and...)</P><P>Then if user is part of guest users -&gt; allow internet only access</P><P>If user is part of AD -&gt; send him to do registration. </P><P>Authorization policy allows you to use "identity group" as part of condition. </P><P></P><P>If device registered -&gt; allow full access. (just an idea). </P><P></P><P>M.</P></BODY></HTML> Thu, 20 Jun 2013 13:59:31 GMT https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249692#M112298 Marcin Latosiewicz 2013-06-20T13:59:31Z https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249693#M112349 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Please check the following links - they may provide a resolution to your issue.</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_61_byod_provisioning.pdf">http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_61_byod_provisioning.pdf</A></P><P><A class="jive-link-external-small" href="http://www.thesecurityblogger.com/?tag=enhanced-client-provisioning">http://www.thesecurityblogger.com/?tag=enhanced-client-provisioning</A></P></BODY></HTML> Fri, 21 Jun 2013 02:40:55 GMT https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249693#M112349 mmangat 2013-06-21T02:40:55Z https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249694#M112382 <HTML><HEAD></HEAD><BODY><P>for guest you can use CWA...</P><P>for domain user, i don't understand what you want... but if you want posture checking and provisioned, you can use NAC Agent or web Agent... ( if there is no NAC Agent installed, you will be provisioned) </P></BODY></HTML> Mon, 24 Jun 2013 07:16:42 GMT https://community.cisco.com/t5/network-access-control/ise-byod-guest-clients-provisioning/m-p/2249694#M112382 myanznki 2013-06-24T07:16:42Z