cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
576
Views
5
Helpful
4
Replies

Guest authentication in ISE

vijay kumar
Level 2
Level 2

Hi All,

We are having two SSID in WLC. We are planning that both SSID users has to get authenticate through ISE by Web auth .

One SSID users will get authenticate via guest accounts created by sponsor. Another SSID need to get authenticate by AD user group.

So , in ISE if it is possible to ceate two seperate rules for the SSID's?

Thanks!

TS.

2 Accepted Solutions

Accepted Solutions

mmangat
Level 1
Level 1

Hello,

Please have a look at this short cisco doc that shows ISE Policies Based  on SSID Configuration Examples.

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bed902.shtml

View solution in original post

Amjad Abdullah
VIP Alumni
VIP Alumni

Hi Vijay,

I am not an ISE guy, but from my understanding to the concept of the policy model on which the ISE is based I can say "yes. It is possible".

You need to create two different identity sources based on which SSID the user is connecting.

If a user is connecting to SSID1 then check credentials locally.

If a user is connecting to SSID2 then check credentials on AD.

HTH

Amjad

p.s: the term "identity source" is from Cisco ACS 5.x. in ISE you may have same or different name but with same concept.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

View solution in original post

4 Replies 4

mmangat
Level 1
Level 1

Hello,

Please have a look at this short cisco doc that shows ISE Policies Based  on SSID Configuration Examples.

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080bed902.shtml

Mantej,

Very useful doc. +5.

Vijay: Mantej doc provided shows two different methods to achive your goal. It should be what you are exactly looking for.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"

Thanks a lot mantej.

Amjad Abdullah
VIP Alumni
VIP Alumni

Hi Vijay,

I am not an ISE guy, but from my understanding to the concept of the policy model on which the ISE is based I can say "yes. It is possible".

You need to create two different identity sources based on which SSID the user is connecting.

If a user is connecting to SSID1 then check credentials locally.

If a user is connecting to SSID2 then check credentials on AD.

HTH

Amjad

p.s: the term "identity source" is from Cisco ACS 5.x. in ISE you may have same or different name but with same concept.

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
Review Cisco Networking for a $25 gift card