
Questions on setting Guest access

Hello,

I am looking to provide Guest access on my wireless network and need to have a couple of questions answered.

I'm running ISE 2.x with fully compatible Cisco WLC wireless network.

I have 2 types of Guest users, type 1 is a Guest user that will be onsite for 4 hours (self-service portal is fine for this user) or less and then type 2 Guests that will be onsite for longer than 4 hours (Self-service w/ a Sponsor or a sponsor portal).

I want the Guests to connect to the SSID and get redirected to a custom page that allows them to choose if they will be onsite for 4 hours or longer than 4 hours and then redirect to the appropriate portal mentioned above.

Also, if a Guest connects to the SelfService portal as a 4hr user, how can I make sure they can't reconnect/re-register as a Guest again for the next 5 hours using that device? The fear here is the Guest will just keep re-registering every 4 hours to avoid the Sponsor based access.

Lastly, a guest user can have their IP changed during a 4hr window; can ISE list all of the IPs the Guest had during the session?

Thanks in advance!

Accepted Solutions

I can't answer the entirety of the topic, but in terms of the user not re-registering for a guest account, you can prevent that on a per-device basis by creating an Authorisation rule that matches the GuestEndpoint group (device) and providing a different Guest Portal that doesn't support self-registration.

You can then create purging rules that delete those endpoints every 24 hours or so, meaning once purged their device will be eligible to log in again.
