Solved: Re: Doubts - WLC + ISE + Firesight

crusier2015 · ‎06-28-2018

Hi Friends,

I have the follow doubts , can you help me?

1-)With integration WLC,ISE and Firesight, is it possible to force a guest user to use the internet after fill the form ? And this user id appers on events logs of Firesight, not only his IP address?

2-)Is it possible with WLC and Ise, generate a voucher to temporaly user get access to Internet? To work this way, is it necessary another products, like CMX?

3-)Do you know if we configure access to guest using a voucher to navegate on Internet, is it possible to track the user id on events of Firesight?

TKS

Francesco Molino · ‎06-28-2018

Hi

Yes there's an integration between firepower and ISE. It'll use pxgrid which requires plus licenses.

This will allow you to see user and not only IP. In ise, firepower will leverage passive id.

Take a look here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/user_identity_sources.html

Within ISE, you have multiple way to manage guest access.

Yes you can have sponsor creating guest accounts and send their credentials over email or text. You can also do guest self registration and they'll get their credentials right away on the screen and/or receive them on their email inbox or text.

Instead of sending credentials, when a sponsor create accounts, you can also decide to print them out and then distribute to your users.

When you create a guest user it even when they create themselves their account, a guest profile is attached to them which says the number of hours and schedule when they can temporary access Internet. I recommend taking a look on Cisco community ise documentation where you'll find some documentation help.

You don't need cmx for this. Cmx is to leverage localization for example.

Does this classify your questions?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

Francesco Molino · ‎06-28-2018

Hi

Yes there's an integration between firepower and ISE. It'll use pxgrid which requires plus licenses.

This will allow you to see user and not only IP. In ise, firepower will leverage passive id.

Take a look here:

https://www.cisco.com/c/en/us/td/docs/security/firepower/620/configuration/guide/fpmc-config-guide-v62/user_identity_sources.html

Within ISE, you have multiple way to manage guest access.

Yes you can have sponsor creating guest accounts and send their credentials over email or text. You can also do guest self registration and they'll get their credentials right away on the screen and/or receive them on their email inbox or text.

Instead of sending credentials, when a sponsor create accounts, you can also decide to print them out and then distribute to your users.

When you create a guest user it even when they create themselves their account, a guest profile is attached to them which says the number of hours and schedule when they can temporary access Internet. I recommend taking a look on Cisco community ise documentation where you'll find some documentation help.

You don't need cmx for this. Cmx is to leverage localization for example.

Does this classify your questions?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

crusier2015 · ‎06-30-2018

TKS Francesco!!!

So independent the method that guest user get access provide by ISE, i can track this user id on Firesight Events?

TKs

Francesco Molino · ‎06-30-2018

Normally yes as soon as they are integrated (FMC vs ISE).

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question