Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3756
Views
4
Helpful
3
Replies

How to restrict access to guest portal or encrypt guest traffic

Go to solution
Neelesh Marathe
Cisco Employee
Cisco Employee

‎07-15-2016 07:00 AM

Team,

I am working on ISE opportunity where I am demonstrating guest use case. Customer wants to use PSK with guest CWA. I have read couple of articles and I know it is not supported. I just want to confirm this before communicating this to customer.

Is there any way we can achieve this customer requirement?

Thanks,

Neelesh Marathe

1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎07-15-2016 07:54 AM

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

View solution in original post

0 Helpful
3 Replies 3

Go to solution
howon
Cisco Employee
Cisco Employee

‎07-15-2016 07:07 AM

It will be available with WLC AireOS 8.3. For now you can do 802.1X + CWA.

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎07-15-2016 07:54 AM

Can you explain the final goal? Like Hosuk says 8.3 wireless code will support PSK + CWA

If you simply want to stop people from using the Hotspot or Credentialed portals than we have the option of them having to enter a passcode before they can login or create an account

if its encrypting guest then your options are:

WPA-PSK with LWA*

shared key + portal login

CWA not supported

Point to single PSN (HA requires LoadBalancer)

WPA2 with CWA*

shared user/pass + portal login (regular guest accounts)

WPA2 without portal*

sponsored credentials (guest type requires - Allow guest to bypass the Guest portal)

* These options can also be used to protect your SSID from people you don't want using it (example taking up DHCP addresses)

0 Helpful

Go to solution
Neelesh Marathe
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎07-20-2016 09:13 AM

Thanks Jason for wonderful explanation. It answers all my questions. Final goal here is encrypting guest traffic.

Thanks,

Neelesh Marathe

Customers Also Viewed These Support Documents