Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
618
Views
0
Helpful
1
Replies

Cisco ISE + WLC wifi guest access SSID security question

gpinero
Level 1
Level 1

‎04-02-2018 05:05 AM - edited ‎02-21-2020 10:52 AM

Hi everyone I have a doubt. We are implementing CWA for wifi guest access using CISCO ISE 2.3 and WLC 5500.

If SSID is open authenticación

 

What happens with the security of client in this scenario?

The traffic is not encrypted and therefore you can see the traffic in clear.

Is there any way to encrypt this traffic? Change the SSID client?

What are the security recommendations to give access to guests?

 

Thanks

CCNP R&S, CCNP Security, CCNA CyberOps
Labels:
0 Helpful
1 Reply 1

agrissimanis
Level 1
Level 1

‎04-02-2018 06:39 AM

There is generally no right or wrong answer here I think. It all depends on your requirements and company policies. Just with CWA it is not possible to encrypt the traffic, you would need to look at pre-shared key, some form of 802.1X style authentications or it could be a mix of web redirect and pre-shared key - there are many potential options.

It is all a trade-off between ease of use for guests, level of security and the amount of administrative overhead on the employees.

There is a good session on this topic available at Cisco Live online session catalog, the session code is BRKEWN-2014, it is all about Guest access and the various options available.

In our company we have chosen to use "plain" CWA style registration for guests.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents