Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1562
Views
25
Helpful
2
Replies

Guest and Self-Register wireless configuration on ISE

Go to solution
atsukane
Level 1
Level 1

‎09-16-2021 07:17 PM

HI all,

Our guest WiFi setting is on the default policy set along with other unused policies, so I'm planning on creating new set for wifi.

At the same time, I plan to spin up another WLAN for employees with AD authentication (e.g. SSID Staff), and enable self-registering on the existing guest WLAN (e.g. SSID Guest).

Trying to get head round to it but confused how to achieve this.

I'm guessing I need two authorization profiles for both SSIDs with web redirection pointing to  either self-register or guest URL, then under a single Policy Set a series of Authorization Polices are configured to push the to relevant profile so that devices are sent to the right URL?

Sorry, it's very vague but am I on the right track?

Any suggestion is very much appreciated.

 

Thanks,

 

1 Accepted Solution

Accepted Solutions

Go to solution
howon
Cisco Employee
Cisco Employee

‎09-16-2021 08:33 PM

I suggest creating a separate policy set for 'SSID Staff'. You can leave the guest in the default policy set or can create a policy set for 'SSID Guest'. Having separate policy set will make the policy much easier to change and understand in the future. See example policy set here: https://community.cisco.com/t5/security-documents/tips-for-new-ise-administrators/ta-p/3891856#toc-hId--570604833

View solution in original post

2 Replies 2

Go to solution
howon
Cisco Employee
Cisco Employee

‎09-16-2021 08:33 PM

I suggest creating a separate policy set for 'SSID Staff'. You can leave the guest in the default policy set or can create a policy set for 'SSID Guest'. Having separate policy set will make the policy much easier to change and understand in the future. See example policy set here: https://community.cisco.com/t5/security-documents/tips-for-new-ise-administrators/ta-p/3891856#toc-hId--570604833

Go to solution
atsukane
Level 1
Level 1
In response to howon

‎09-16-2021 08:39 PM

Thanks @howon 

 

Noted the below tip from the link

Creating first policy set

Best policy is one that is easy to read. Don’t put all policy rules into single or default policy set, it will make the policy conditions complex and hard to read. Use following table as template and customize it for your environment.

 

Thanks again.

Customers Also Viewed These Support Documents