Cisco Community
English
Register
Tell us how your company is accelerating digital agility. LEARN MORE and share your story.
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2508
Views
4
Helpful
3
Replies
Neelesh Marathe
Cisco Employee
Cisco Employee
‎07-15-2016 07:00 AM
‎07-15-2016 07:00 AM

How to restrict access to guest portal or encrypt guest traffic

Team,

I am working on ISE opportunity where I am demonstrating guest use case. Customer wants to use PSK with guest CWA. I have read couple of articles and I know it is not supported. I just want to confirm this before communicating this to customer.

Is there any way we can achieve this customer requirement?

Thanks,

Neelesh Marathe

1 ACCEPTED SOLUTION

Accepted Solutions
Jason Kunst
Cisco Employee
Cisco Employee
‎07-15-2016 07:54 AM
‎07-15-2016 07:54 AM

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

View solution in original post

0 Helpful
3 REPLIES 3
howon
Cisco Employee
Cisco Employee
‎07-15-2016 07:07 AM
‎07-15-2016 07:07 AM

It will be available with WLC AireOS 8.3. For now you can do 802.1X + CWA.

Jason Kunst
Cisco Employee
Cisco Employee
‎07-15-2016 07:54 AM
‎07-15-2016 07:54 AM

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

View solution in original post

0 Helpful
Neelesh Marathe
Cisco Employee
Cisco Employee
In response to Jason Kunst
‎07-20-2016 09:13 AM
‎07-20-2016 09:13 AM

Thanks Jason for wonderful explanation. It answers all my questions. Final goal here is encrypting guest traffic.

Thanks,

Neelesh Marathe

Latest Contents
Preparing for Cybersecurity Threats in a Permanently Hybrid ...
Created by danievil on 06-21-2021 04:50 PM
0
5
0
5
Learn about the rapidly evolving cyberthreat landscape and how both organizations and users can protect themselves as we transition to a forever hybrid world through a conversation with Cisco Talos Security Research Leader for Europe, Middle East, Africa,... view more
Simple, secure tools to help protect your hybrid workplace
Created by Kelli Glass on 06-16-2021 05:47 PM
0
0
0
0
When we said the word “hybrid” in the past, it usually recalled the image of a new variety of plant or maybe an electric car. These days, it applies to the workplace too.   The future of work isn’t “changing” to a h... view more
Cisco Network Security Ask the Experts Resources
Created by vivichia on 06-10-2021 05:21 PM
0
10
0
10
Thanks for attending our Ask the Experts (ATXs) session! Here’s the post-session resources for easy reference. New to ATXs? An ATXs session, offered at no cost, is an hour of real-time learning led by Cisco experts, who will answer your technology q... view more
MGRE Easy Steps
Created by dhr.tech1 on 06-09-2021 04:09 PM
0
0
0
0
                                    Setup MGRE     &nbs... view more
Secure Endpoint Frequently Asked Questions
Created by E.L. Howard on 06-09-2021 10:39 AM
0
5
0
5
Cisco Secure Endpoint New packages fit for every organization Every Cisco Secure Endpoint (formerly AMP for Endpoints) package comes with Cisco SecureX built-in. It’s our cloud-native platform that integrates all your security solutions into one view wit... view more
Content for Community-Ad