05-08-2021 04:50 AM
Hi
I'm trying to set up a Guest AD for guest users using the wired method. however, I don't want those users to join that domain since they will temporarily be using this domain when they are connected to my network. can I use cisco anyconnect as Dot1x agent by supplying only the user's name and password to the anyconnect agent without the need to let the users join the domin.
Note: No posture policy applied only dot.1x
05-08-2021 04:56 AM
you can use the guest portal to authenticate users? is there any specific port the guest user connect or any ports in the network, if any port in the network may be bit tricky, but if the user have specific port allocated for guest users, portal is good option,
Again what resources to give based on the profiles and access control (if your policies)
05-08-2021 05:19 AM
Actually, No specific ports for the Guest If it authenticated successfully it will get PACL for the Guest based on the authorization profile.
05-08-2021 10:28 AM
have a look at this document that may help you :
05-08-2021 12:23 PM
Don't bother with adding users to AD, just add them to the ISE internal guests store via Self-Registered Guest portal or Sponsored Guest Portal. They can use any native supplicant - no need to install AnyConnect.
05-08-2021 09:38 PM
You absolutely don't need AD for that... Just use ISE to register your guests and it will provide credentials that they can use to login (via guest portal) against ISE' Guest directory.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide