Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
621
Views
0
Helpful
3
Replies

ISE Guest Portal and one more SSID using internal accounts

danielnunes
Level 1
Level 1

‎06-13-2013 07:56 AM - edited ‎03-10-2019 08:32 PM

Hi Guys,

I have two SSIDs on WLC, the first is related with ISE Guest Portal and the second is related with employee but i realize that the

Guest user can access the employee SSID and employee accounts can access the Guest portal page.

I guess this is happen because i cannot split these databases under "Internal Users" on Authentication Policy.

How can i restrict the access even if i am using the internal databse?

thanks a lot

Labels:
0 Helpful
3 Replies 3

danielnunes
Level 1
Level 1

‎06-13-2013 09:38 AM

Folks,

i could get restrictions using the Authorization profile, where i put the condition using the Guest identity and the Wlan ID will get the deny access restriction.

If anyone has a different way to apply, please let me know!

thanks

0 Helpful

Nicholas Poole
Level 1
Level 1
In response to danielnunes

‎06-14-2013 02:40 AM

using the Authorization policy is the right way.  Match the corp ID store to the corp WLAN SSID ID in the AuthZ policy, for example (where Employee is your corp ID store and yyyy is the name of your corp SSID):

0 Helpful

myanuary
Level 1
Level 1

‎06-24-2013 12:45 AM

you can also make @ one group user for guest and employee and define it to match the policy for them in authZ policy...

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents