cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
205
Views
0
Helpful
1
Replies
Beginner

Cisco ISE + WLC wifi guest access SSID security question

Hi everyone I have a doubt. We are implementing CWA for wifi guest access using CISCO ISE 2.3 and WLC 5500.

If SSID is open authenticación

 

What happens with the security of client in this scenario?

The traffic is not encrypted and therefore you can see the traffic in clear.

Is there any way to encrypt this traffic? Change the SSID client?

What are the security recommendations to give access to guests?

 

Thanks

CCNP R&S, CCNP Security, CCNA CyberOps
1 REPLY 1
Highlighted
Beginner

Re: Cisco ISE + WLC wifi guest access SSID security question

There is generally no right or wrong answer here I think. It all depends on your requirements and company policies. Just with CWA it is not possible to encrypt the traffic, you would need to look at pre-shared key, some form of 802.1X style authentications or it could be a mix of web redirect and pre-shared key - there are many potential options.

It is all a trade-off between ease of use for guests, level of security and the amount of administrative overhead on the employees.

There is a good session on this topic available at Cisco Live online session catalog, the session code is BRKEWN-2014, it is all about Guest access and the various options available.

In our company we have chosen to use "plain" CWA style registration for guests.