cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
ISE 2.3 Patch 7 has been posted. This will be the last patch for the ISE 2.3 release!
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1543
Views
4
Helpful
3
Replies
Highlighted
Cisco Employee

How to restrict access to guest portal or encrypt guest traffic

Team,

I am working on ISE opportunity where I am demonstrating guest use case. Customer wants to use PSK with guest CWA. I have read couple of articles and I know it is not supported. I just want to confirm this before communicating this to customer.

Is there any way we can achieve this customer requirement?

Thanks,

Neelesh Marathe

Everyone's tags (7)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: PSK and Guest CWA

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

3 REPLIES 3
Cisco Employee

Re: PSK and Guest CWA

It will be available with WLC AireOS 8.3. For now you can do 802.1X + CWA.

Cisco Employee

Re: PSK and Guest CWA

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

Cisco Employee

Re: PSK and Guest CWA

Thanks Jason for wonderful explanation. It answers all my questions. Final goal here is encrypting guest traffic.

Thanks,

Neelesh Marathe