Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3462
Views
4
Helpful
3
Replies

How to restrict access to guest portal or encrypt guest traffic

Go to solution
Neelesh Marathe
Cisco Employee
Cisco Employee

‎07-15-2016 07:00 AM

Team,

I am working on ISE opportunity where I am demonstrating guest use case. Customer wants to use PSK with guest CWA. I have read couple of articles and I know it is not supported. I just want to confirm this before communicating this to customer.

Is there any way we can achieve this customer requirement?

Thanks,

Neelesh Marathe

1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎07-15-2016 07:54 AM

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

View solution in original post

0 Helpful
3 Replies 3

Go to solution
howon
Cisco Employee
Cisco Employee

‎07-15-2016 07:07 AM

It will be available with WLC AireOS 8.3. For now you can do 802.1X + CWA.

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎07-15-2016 07:54 AM

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

0 Helpful

Go to solution
Neelesh Marathe
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎07-20-2016 09:13 AM

Thanks Jason for wonderful explanation. It answers all my questions. Final goal here is encrypting guest traffic.

Thanks,

Neelesh Marathe

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents