Beginner

ISE Guest Authorization

Hi All,

Can someone assist me with ISE design for guest user authorization?

Requirement:

1. Individual guest user authorization through ISE: each guest should have different access as per requirement. Is it possible? If yes, then how can we achieve it? Only the Base license is purchased.

Thanks

Kamlesh

Cisco Employee

With the Base license, you can use the guest feature on ISE.

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0111.html

You can give different access based on the guest types:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01111.html#concept_921E58BE513A4E6EABEEDF380391A7A3

- Jatin

~Jatin Katyal
Beginner

Thanks Jatin,

So we can use only a single SSID for guests and give authorization depending on the guest user's group.

Is it possible in a FlexConnect environment? Or if not, then what would be the other options for remote location users?

Thanks Kamlesh

Cisco Employee

Here you go:

http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/113606-byod-flexconnect-dg-000.html#anc5

- Jatin

~Jatin Katyal

Beginner

Hi Jatin,

Can you help me? I am stuck on wireless FlexConnect integration with ISE 2.0.

Requirement: The SSID (Corporate) requires access only from domain machines and a VLAN tag from ISE.

Problem: When a machine connects, it takes an IP from the VLAN mapped in the FlexConnect group on the WLC, and ISE shows authorization succeeded with the matching condition and result. However, I have configured a different VLAN ID in ISE for tagging.

It looks like FlexConnect overrides the ISE policies.

Can you suggest what needs to be configured on the WLC? I have configured AAA (ISE IP) and NAC RADIUS in the Advanced tab.

Thanks

Kamlesh

Cisco Employee

Absolutely, you can place guest users in different groups within ISE or configure different AD groups for guests and then use dACLs, named ACLs, etc. to provide different access.

I hope this helps!

Thank you for rating helpful posts!

Beginner

Hi Neno,

Can I use a proxy at the time of guest user authentication (wired & wireless web-auth)?

How is it possible?

Kamlesh

Cisco Employee

This procedure describes how to change the port the controller listens on to the port the proxy server is listening on.

http://www.cisco.com/c/en/us/support/docs/wireless-mobility/wlan-security/116052-config-webauth-proxy-00.html#anc6

HTH

- Jatin

~Jatin Katyal
Beginner

Thanks Jatin,

It will help me to freeze the ISE solution.

Thanks

Kamlesh

Cisco Employee

You bet!

~Jatin Katyal