topic How to restrict access to guest portal or encrypt guest traffic in Network Access Control

How to restrict access to guest portal or encrypt guest traffic

Neelesh Marathe — Fri, 15 Jul 2016 14:00:40 GMT

Team,

I am working on ISE opportunity where I am demonstrating guest use case. Customer wants to use PSK with guest CWA. I have read couple of articles and I know it is not supported. I just want to confirm this before communicating this to customer.

Is there any way we can achieve this customer requirement?

Thanks,

Neelesh Marathe

Re: PSK and Guest CWA

howon — Fri, 15 Jul 2016 14:07:12 GMT

It will be available with WLC AireOS 8.3. For now you can do 802.1X + CWA.

Re: PSK and Guest CWA

Jason Kunst — Fri, 15 Jul 2016 14:54:08 GMT

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

•WPA-PSK with LWA*

•shared key + portal login

•CWA not supported

•Point to single PSN (HA requires LoadBalancer)

•WPA2 with CWA*

•shared user/pass + portal login (regular guest accounts)

•WPA2 without portal*

•sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

Re: PSK and Guest CWA

Neelesh Marathe — Wed, 20 Jul 2016 16:13:56 GMT

Thanks Jason for wonderful explanation. It answers all my questions. Final goal here is encrypting guest traffic.

Thanks,

Neelesh Marathe