Hi all,
I'm looking for some guidance on improving our guest Wi‑Fi setup.
I'm running a 9800‑CL with ISE for 802.1X and guest services, supporting 35+ FlexConnect sites. We have two SSIDs:
Corp — for laptops, desktops, scanners, printers, etc.
Guest — for visitors and staff mobile devices (typically around 50 users per site).
The Guest SSID currently uses a guest portal (or MAB) hosted on an ISE node in our DMZ. Over the last year it has become increasingly unreliable — particularly for Apple devices — and it's causing ongoing issues.
I’d like to move away from the portal solution, but I’m struggling to find a decent alternative:
Single PSK isn’t ideal due to management expectations and concerns about it being widely shared, especially in countries where mobile data is expensive.
iPSK would be great, but it doesn't seem practical for guests since we’d need to pre‑load MAC addresses.
mPSK looks promising too, but the controller appears to allow only five PSKs. Is there any way to increase this? Ideally I’d prefer a unique PSK per site.
Is there a better approach I should consider?
Thanks in advance for any advice.
