I am redirecting (url redirecting ) wireless clients to ise .The problem is i have opened port 80 ,443 and 8443 . So the users can even connect to the admin (web ) console to the ise . How can i avoid these ? Thanks
Only 8443 is needed for guest access with ISE, no need to open 80 or 443 towards ISE. Furthermore, if you are concerned about the sponsor portal (which also runs on 8443), you can select another port for it, and even another interface in ISE.
Yes, you could do that, and then have the guest services running on that interface. Just remember it can't be used as a router, so don't try to set it as default gateway or anything like that.
Jan is correct. Furthermore, you can also configure ISE admin access to be restricted to specific IP addresses or subnets. You can do that by configuring it at: Administration->Admin Access->Settings->IP Access.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
