cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

How To: Wireless Guest Setup Guide & Wizard for ISE 2.x

44229
Views
11
Helpful
7
Comments

March 2016

 

This guide was written for ISE 2.0 but can be used for 2.1 & 2.2 , some things might be slightly different but all the steps are the same

 

For ISE 2.2+ its recommended to use Cisco ISE Secure Access Wizard (SAW) - Guest, BYOD and Secure Access in Minutes!

For a step by step guide to ISE 2.3 reference ISE Guest Access Prescriptive Deployment Guide

 

This guide describes the express process for configuring Cisco Identity Services Engine (ISE) with a Cisco Wireless Controller to provide Guest Access. Using the steps in this guide, you can set up guest access for your users in approximately two hours.

 

Some aspects of this guide can be used for a WLC or ISE that has already been set up. This guide’s flow requires you to have a physical controller that has been reset (no config) and ISE web UI available so that we may step you through basic setup in the correct order.

This guide is most helpful for those that have bought the ISE Express License (an inexpensive license for WLC/ISE), but maybe used by anyone that wants to configure the ISE and WLC from a clean install.

 

There are two types of portals supported by this guide:

  • Guest Access with Hotspot Guest Portals
  • Guest Access with Credentialed Guest Portals
Comments
Participant

This is a great guide by the way... thanks very much for this.  I have one question though...

Page 41 talks about modifying an ACL on the WLC that was created from the WLC wizard.  We did not use this wizard, and as such, we have no guest-acl .  Only a snippet of that ACL is shown in the guide.

Can you please post the default guest-acl in its entirety so I can see what other kinds of ACL entries it contains?

Thanks very much.

John

Cisco Employee

the guest-acl is simply a final permission ACL that allows your guests access to the internet and blocks internally (this is normally done on the DMZ firewall for example

There is a sample in the guide on page 70

Frequent Contributor

Thanks jakunst this how-to is very useful!

Cisco Employee

please like and rate

Frequent Contributor

Done!

Community Member

Hi Jason, I keep getting this error message below after I select my sponsor groups and try to commit the configs.

no Active Directory by the name mydomain.local found.


Even with Ise 2.3 I get this error message.


There's a bug CSCvg44575 No Active Directory found during Wireless setup but AD created and available.


Any workaround available ?


Cisco Employee

You should be now using the Secure Access Wizard starting with ISE 2.2

https://communities.cisco.com/docs/DOC-71189

If you have any questions about the new wizard please open a new community post.