Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
732
Views
5
Helpful
2
Replies

Keeping Generic accounts from connecting to Guest network

Go to solution
CGidcumb1002
Level 1
Level 1

‎08-10-2021 09:21 AM

Is there an easy way from keeping generic accounts from connecting to our Guest network? Right now if a user has an AD account, they connect their personal devices to the Guest network and it authenticates against AD. The problem is that the generic accounts also reside in AD and anyone who knows the passwords for these generic accounts can use them to access the guest network. So I guess the question is, is there a way to exclude certain AD accounts in Cisco ISE from being able to connect to an SSID?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎08-12-2021 06:07 AM

Easily guessable Generic Account passwords?????? This itself is a big problem.

Regarding your question this has to be done on ISE, you need to edit the Authentication and Authorization policies to allow only the preferred group from AD. WLC cannot influence the Authentication here, I would recommend you open a discussion on ISE community.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

View solution in original post

2 Replies 2

Go to solution
Arshad Safrulla
VIP Alumni
VIP Alumni

‎08-12-2021 06:07 AM

Easily guessable Generic Account passwords?????? This itself is a big problem.

Regarding your question this has to be done on ISE, you need to edit the Authentication and Authorization policies to allow only the preferred group from AD. WLC cannot influence the Authentication here, I would recommend you open a discussion on ISE community.

___________________________________________
TAC recommended codes for AireOS WLC's
Best Practices for AireOS WLC's
TAC recommended codes for 9800 WLC's
Best Practices for 9800 WLC's
Cisco Wireless compatibility matrix
___________________________________________
Arshad Safrulla

Go to solution
CGidcumb1002
Level 1
Level 1
In response to Arshad Safrulla

‎08-12-2021 06:59 AM

Ok, thanks for the info. We are new to ISE and was trying to setup some new policies that we haven't had in place and working through the flows. I didn't know if ISE had the ability to restrict individual usernames or not.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card