Showing results for 
Search instead for 
Did you mean: 

How To: Wireless Guest Setup Guide & Wizard for ISE 2.x


March 2016


This guide was written for ISE 2.0 but can be used for 2.1 & 2.2 , some things might be slightly different but all the steps are the same


For ISE 2.2+ its recommended to use Cisco ISE Secure Access Wizard (SAW) - Guest, BYOD and Secure Access in Minutes!

For a step by step guide to ISE 2.3 reference ISE Guest Access Prescriptive Deployment Guide


This guide describes the express process for configuring Cisco Identity Services Engine (ISE) with a Cisco Wireless Controller to provide Guest Access. Using the steps in this guide, you can set up guest access for your users in approximately two hours.


Some aspects of this guide can be used for a WLC or ISE that has already been set up. This guide’s flow requires you to have a physical controller that has been reset (no config) and ISE web UI available so that we may step you through basic setup in the correct order.

This guide is most helpful for those that have bought the ISE Express License (an inexpensive license for WLC/ISE), but maybe used by anyone that wants to configure the ISE and WLC from a clean install.


There are two types of portals supported by this guide:

  • Guest Access with Hotspot Guest Portals
  • Guest Access with Credentialed Guest Portals
N3t W0rK3r

This is a great guide by the way... thanks very much for this.  I have one question though...

Page 41 talks about modifying an ACL on the WLC that was created from the WLC wizard.  We did not use this wizard, and as such, we have no guest-acl .  Only a snippet of that ACL is shown in the guide.

Can you please post the default guest-acl in its entirety so I can see what other kinds of ACL entries it contains?

Thanks very much.


Jason Kunst
Cisco Employee

the guest-acl is simply a final permission ACL that allows your guests access to the internet and blocks internally (this is normally done on the DMZ firewall for example

There is a sample in the guide on page 70

Frequent Contributor

Thanks jakunst this how-to is very useful!

Jason Kunst
Cisco Employee

please like and rate

Frequent Contributor



Hi Jason, I keep getting this error message below after I select my sponsor groups and try to commit the configs.

no Active Directory by the name mydomain.local found.

Even with Ise 2.3 I get this error message.

There's a bug CSCvg44575 No Active Directory found during Wireless setup but AD created and available.

Any workaround available ?

Jason Kunst
Cisco Employee

You should be now using the Secure Access Wizard starting with ISE 2.2

If you have any questions about the new wizard please open a new community post.

Recognize Your Peers
Content for Community-Ad