01-17-2016 06:06 AM - edited 03-10-2019 11:24 PM
Hi All,
Can someone assist me for ISE designing for Guest users authorization.
Requirement:
1. Individual guest user's authorization requirement through ISE, each guest should have different access as per requirement. Is it possible? if yes then how we can achieve ? Only base license is purchased.
Thanks
Kamlesh
Solved! Go to Solution.
01-17-2016 11:00 PM
Absolutely, you can place guest users in different groups within ISE or configure different AD groups for guests and then use DACLS, named-ACLs, etc to provide different access.
I hope this helps!
Thank you for rating helpful posts!
01-18-2016 03:06 AM
Here you go:
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html#anc5
- Jatin
01-17-2016 12:55 PM
With base license you can use guest feature on ISE.
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0111.html
You can give different access based on the guest types:
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01111.html#concept_921E58BE513A4E6EABEEDF380391A7A3
- Jatin
01-18-2016 02:56 AM
Thanks Jatin,
So we can use only single SSID for guest and give authorization depend on guest user's group.
Is it possible in flexconnect environment? or if not then what would be the other options for remote location users.
Thanks Kamlesh
01-18-2016 03:06 AM
Here you go:
http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html#anc5
- Jatin
03-30-2016 05:34 AM
Hi Jatin,
Can you help me, I am stuck in Wireless Flexconnect integration with ISE 2.0.
Requirement: SSID (Corporate) required access only from domain machine and vlan tag from ISE.
Problem: When connecting machine, it is taking IP which is VLAN mapping in Flexconnect group in WLC and ISE showing authorization succeeded matching condition & result. However, I have configured different VLAN ID in ISE for tagging.
It look like Flexconnect override ISE policies.
Can you suggest me what is required to configure in WLC, I have configured AAA (ISE IP), NAC radius in Advance tab.
Thanks
Kamlesh
01-17-2016 11:00 PM
Absolutely, you can place guest users in different groups within ISE or configure different AD groups for guests and then use DACLS, named-ACLs, etc to provide different access.
I hope this helps!
Thank you for rating helpful posts!
01-19-2016 02:21 AM
Hi Neno,
Can I use Proxy at the time of guest user's authentication (wired & wireless web-auth).
How is it possible ?
Kamlesh
01-19-2016 06:30 AM
This procedure describes how to change the port the controller listens on to the port the proxy server is listening on.
http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/116052-config-webauth-proxy-00.html#anc6
HTH
- Jatin
01-19-2016 07:51 AM
Thanks Jatin,
It will help me to freeze the ISE solution.
Thanks
Kamlesh
01-19-2016 08:07 AM
You bet !
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: