05-05-2014 08:10 AM - edited 03-10-2019 09:41 PM
I have a guest portal on ISE configured for central web authentication for our wireless network. I only purchased the basic licensing because I am not interested in the product for profiling, mobile device management, etc.
Is there a way that I can have ISE grant a user access for several months (a semester) without having to log in to the web portal again?
It might help to mention that I don't mind if the students cannot manage their connected devices.
05-05-2014 09:07 PM
On the surface of it I can't see a way for you to grant access without logging back into the portal - especially with mobile devices. What you could do as another option is use ISE "activated guest" credentials for a PEAP connection on your SSID.
Basically you would create the accounts via the sponsor portal as per usual but instead of "guest" use "activated guest". You would then need to reconfigure your SSID to support EAP and create associated ISE policies to support PEAP and checking users are part of the activated guest group. What this then means is that once credentials are entered they can be remembered by the client device.
The only real drawback to this method is the lack of the AUP which you get via the portal. I always get around this by providing the AUP (or links to it) on the instructions provided to the client upon receipt of the credentials.
Hope this makes sense.
05-12-2014 03:35 AM
The Activated Guest role can be used for those customers who want to grant access to a more secure network (dot1x/VPN for remote users) without needing to log in to the Guest Portal to activate the user account. This also gives the guest a way to connect and cache their credentials via their dot1x supplicant instead of having them log in to the guest portal via redirection every time they connect to the network.
05-12-2014 12:13 PM
Thanks for the feedback. It pretty much confirmed what I had already thought.
Some of the motivation here is to have more accountability with access. I see now that is only going to come with more advanced licensing.
I think that we are really in the market for an MDM/BYOD onboarding captive portal. That changes the entire scope of things.