03-15-2019 03:19 AM
Hi Team,
Please your help, I´m configuring ISE for WiFi Guest Access, and I created 2 Guest Portals; Guest and Providers.
The idea is to give different access depending of the type of user. The problem is; when a user try one portal and create a temporal user for access, this user can get access in both portals.
How can I separate the access to Guest users ?
If a user gets the temporal account using Guest Portal, is it possible to restrict the access to Provider portal and vice-versa ?
How can I separate the access depending of the Portal used to create the account ?
Thank you very much in advance.
03-15-2019 04:20 AM
Hi,
Create 2 CWA-PHASE1 authorization policies and in each one redirect to the specified portal.
03-15-2019 07:49 AM
Ok, I understand that we can create the redirect in authorization profiles to select the portal, but when the user gets the temporal account, how may I control the access to specific portals ? I meant, if a user gets the account in Guest portal, is it possible to restrict the access to Provider portal and vice-versa ?
03-15-2019 06:06 AM
Are these on two different SSIDs? If so then you don't have to allow access to the guest types on one SSID to access the other SSID. They may be able to sign into each others portal, but they won't get on the Internet. Each guest type has its own identity group and each SSID should have its own policy set.
Also you could block the guest identity group from each others SSID from connecting to the other. So lets say you have two guest types:
Regular_Guests maps to Regular_Guests endpoint identity group
Provider_Guests maps to Provider_Guests endpoint identity group
SSID Regular_Guest would have its own policy set:
SSID Provider_Guest would have its own policy set:
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide