Guest Active directory with Any-connect

NetworkSupport00025 · ‎05-08-2021

Hi

I'm trying to set up a Guest AD for guest users using the wired method. however, I don't want those users to join that domain since they will temporarily be using this domain when they are connected to my network. can I use cisco anyconnect as Dot1x agent by supplying only the user's name and password to the anyconnect agent without the need to let the users join the domin.

Note: No posture policy applied only dot.1x

balaji.bandi · ‎05-08-2021

you can use the guest portal to authenticate users? is there any specific port the guest user connect or any ports in the network, if any port in the network may be bit tricky, but if the user have specific port allocated for guest users, portal is good option,

Again what resources to give based on the profiles and access control (if your policies)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

NetworkSupport00025 · ‎05-08-2021

Actually, No specific ports for the Guest If it authenticated successfully it will get PACL for the Guest based on the authorization profile.

balaji.bandi · ‎05-08-2021

have a look at this document that may help you :

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

https://ciscocustomer.lookbookhq.com/iseguidedjourney/BYOD-configuration?utm_campaign=ISE&utm_content=Guide&utm_source=Cisco.com-Open&utm_medium=ISE-Page-BYOD&pfhide=true

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

thomas · ‎05-08-2021

Don't bother with adding users to AD, just add them to the ISE internal guests store via Self-Registered Guest portal or Sponsored Guest Portal. They can use any native supplicant - no need to install AnyConnect.

Romzy · ‎05-08-2021

You absolutely don't need AD for that... Just use ISE to register your guests and it will provide credentials that they can use to login (via guest portal) against ISE' Guest directory.