cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
289
Views
5
Helpful
5
Replies
Beginner

Multiple Guest PSN

Hello, 

 

Wanted to run this question by you guys:

 

We are deploying 3 Guest PSNs (One per region) which are going to be used only for Guest Self registration portal and sponsor approval services. 

 

Is it possible to:

 

  • If I am an Americas Guest user to:
    • Receive Americas Guest portal registration page
  • If I am the sponsor to approve the registration request via single click approval and for the link to be the Americas PSN
  • If I am an Europe Guest user to:
    • Receive Europe Guest portal registration page
  • If I am the sponsor to approve the registration request via single click approval and for the link to be the Europe PSN

Same applies for AMEA. Can you share some documentation around it. 

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Multiple Guest PSN

Please check http://cs.co/ise-guest page for static configuration
ISE with Static Redirect for Isolated Guest Networks Configuration Example
5 REPLIES 5
VIP Advisor

Re: Multiple Guest PSN

Hi

Is the guest for wired or wireless?
If wireless, will it be the same ssid everywhere?
In addition to these questions’ answers, there’s a simple design named anycast where each PSNs will have a dedicated interface for portals with the same IP address across all of them. Then based on the routing you will ensure users for Americas get redirected to local PSNs and in case of failure to get redirected to the closest one like EMEA. Same applies to all PSNs.

Is that clear?

Here are some links for Anycast:
- https://community.cisco.com/kxiwq67737/attachments/kxiwq67737/5936-discussions-aaa-identity-and-nac/63917/1/brksec-3045.pdf
- https://www.networkworld.com/article/3074954/how-to-use-anycast-to-provide-high-availability-to-a-radius-server.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Beginner

Re: Multiple Guest PSN

Hello Franceso, thanks for the reply.

Let me provide more details.

These Guest PSNs are only for Guest portal registration and Sponsor approval. We have The admin notes in the backend.
We are not using AnyCast but rather we are levaraging DNS, here is an example:

Americas PSN:
guest-americas.company.com - Public IP 1
sponsor-americas.company.com - Public IP 1

Europe PSN:
guest-europe.company.com - Public IP 2
sponsor-europe.company.com - Public IP 2
VIP Advisor

Re: Multiple Guest PSN

ok then using different names will help and you can ensure that a user redirected to guest europe still goes to the same PSN.
(i don't know your whole design). Do you have a specific ssid for guest? If so, then on your radius server for this guest ssid you need to choose the right PSN. For example: if Europe guest authenticates, the ssid will need to talk with guest psn to ensure the policy will return the guest psn url and not america.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
Beginner

Re: Multiple Guest PSN

Hi Francesco,

 

Thanks for the reply. Yes, Guest SSID will be the same across the entire environment. Our RADIUS servers are going to be ISE on our case so you are saying that there are two parts. 

The WLC needs to be configured for example if its an Americas WLC, the WLC will provide the Americas Guest PSN portal redirection and then the Guest Americas PSN that received the registration request will be configured to return on single click approval the link for itself? (Americas Guest PSN)

Would you have any documentation regarding the PSN configuration.  

Cisco Employee

Re: Multiple Guest PSN

Please check http://cs.co/ise-guest page for static configuration
ISE with Static Redirect for Isolated Guest Networks Configuration Example