ā05-08-2021 04:50 AM
Hi
I'm trying to set up a Guest AD for guest users using the wired method. however, I don't want those users to join that domain since they will temporarily be using this domain when they are connected to my network. can I use cisco anyconnect as Dot1x agent by supplying only the user's name and password to the anyconnect agent without the need to let the users join the domin.
Note: No posture policy applied only dot.1x
ā05-08-2021 04:56 AM
you can use the guest portal to authenticate users? is there any specific port the guest user connect or any ports in the network, if any port in the network may be bit tricky, but if the user have specific port allocated for guest users, portal is good option,
Again what resources to give based on the profiles and access control (if your policies)
ā05-08-2021 05:19 AM
Actually, No specific ports for the Guest If it authenticated successfully it will get PACL for the Guest based on the authorization profile.
ā05-08-2021 10:28 AM
have a look at this document that may help you :
ā05-08-2021 12:23 PM
Don't bother with adding users to AD, just add them to the ISE internal guests store via Self-Registered Guest portal or Sponsored Guest Portal. They can use any native supplicant - no need to install AnyConnect.
ā05-08-2021 09:38 PM
You absolutely don't need AD for that... Just use ISE to register your guests and it will provide credentials that they can use to login (via guest portal) against ISE' Guest directory.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: