ISE Authentication cache in CWA for Guest

ipagliani
Level 1

Ciao,

Do you know how I can cache a guest authentication?

For example, a guest connects to the guest SSID (open) and authenticates using CWA (ISE and WLC). After that, every time the guest logs off and logs in, no authentication is required during the same day.

Thanks

1 Accepted Solution

jan.nielsen
Level 7

With ISE 1.3, you can set the guest portal to auto-register the MAC address of the devices when they log in the first time as a guest. The next time they connect, you can authenticate the MAC address instead. Endpoint purging rules can be set up so that, if you want them to log in again, ISE will remove the MAC address from the specific group for that guest portal, and the user has to log in again, e.g. once every day or whenever you want.

If you are on ISE 1.2, the only way is to change the idle timers on the WLC to a higher value than the default 300 seconds, which really is not a good way to do it if you are planning on having a lot of users use this, as it will consume memory and processing power on the WLC.

2 Replies

Venkatesh Attuluri
Cisco Employee

You can find the "Automatically register guest devices / Allow guests to register devices" option here: Guest Access > Configure > Guest Portals > Create, Edit or Duplicate > Portal Behavior and Flow Settings > Guest Device Registration Settings.

Using this option: automatically create an endpoint for the device from which the guest is accessing this portal. The endpoint will be added to the endpoint identity group specified for this portal and is subject to the identity group's purge policy.

An authorization rule can now be created to allow access to endpoints in that identity group, so that web authentication is no longer required.

And you have the "ActivatedGuest" option in 1.2.
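
The flow described in the answers above (auto-registration at portal login, a rule permitting the registered group placed ahead of the CWA redirect, and a purge that forces a new login), modelled as an added example that is not part of the original thread and is not ISE configuration. The group name, the one-day purge age, the rule result strings and the MAC address are assumptions made for illustration.

```python
from datetime import datetime, timedelta

GUEST_GROUP = "GuestEndpoints"   # assumed name of the portal's endpoint identity group
PURGE_AFTER = timedelta(days=1)  # assumed purge policy: drop endpoints after one day


class GuestAccessModel:
    """Toy model of MAC auto-registration, purge and first-match authorization."""

    def __init__(self):
        self.endpoints = {}  # normalized MAC -> (identity group, registration time)

    @staticmethod
    def _norm(mac):
        # Controllers and portals may format the same MAC differently; compare hex only.
        return "".join(c for c in mac.lower() if c in "0123456789abcdef")

    def purge(self, now):
        # Simplification: evaluated at every request instead of as a scheduled job.
        self.endpoints = {m: e for m, e in self.endpoints.items()
                          if now - e[1] < PURGE_AFTER}

    def portal_login_ok(self, mac, now):
        # A successful CWA login registers the device into the portal's group.
        self.endpoints[self._norm(mac)] = (GUEST_GROUP, now)

    def authorize(self, mac, now):
        # First matching rule wins, so the "registered" rule must precede the redirect.
        self.purge(now)
        entry = self.endpoints.get(self._norm(mac))
        if entry and entry[0] == GUEST_GROUP:
            return "PERMIT_ACCESS"    # rule 1: MAC is in the guest endpoint group
        return "REDIRECT_TO_CWA"      # rule 2: everyone else gets the guest portal


def simulate():
    """Constructed timeline: first connect, reconnect the same day, connect next day."""
    ise = GuestAccessModel()
    t0 = datetime(2024, 1, 1, 9, 0)
    mac = "AA-BB-CC-00-11-22"  # constructed sample MAC
    results = [ise.authorize(mac, t0)]                 # unknown device
    ise.portal_login_ok(mac, t0)                       # guest logs in on the portal
    results.append(ise.authorize("aa:bb:cc:00:11:22", t0 + timedelta(hours=6)))
    results.append(ise.authorize(mac, t0 + timedelta(days=1, minutes=1)))
    return results


if __name__ == "__main__":
    print(simulate())
```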