Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco ISE Guest portal airespace id configuration

I configure Guest portal on Cisco ISE. I attached the authorization policy photo. Now i need to configurate airespace id 2 for guest users. Do i need create new authorization policy and apply new condition for airespace id or i  must be only create new condition and apply current CWA authorization rule?

Thanks for your helping.

New Member

Attached file. Two

Attached file. Two authorization policy for guest portal.

Cisco Employee

Here is what I would

Here is what I would recommend:

1. Create a new policy set and name it "Wireless-Name_of_SSID"

2. For matching condition for that rule I would match it against the "Airspace ID" (taken from the controller"

3. I would set the default authorization rule to CWA

4. Then I would place the appropriate guest authorization rules above that

5. Remote the rules from the default policy set

That way a user associates to the guest SSID would first hit the CWA rule which would force web redirection to the guest portal. Then after the user logins, she/he would hit one of the rules that you created in step #4

Hope this helps


Thank you for rating helpful posts!

Thank you for rating helpful posts!
New Member

As i understand I must create

As i understand I must create new authorization rules name Guest ssid then create new condition(airspace id 2) and then i must create a permission in this new rule. which permission i must create? can i apply Sofaz_guest_wlan_cwa permission sofaz_wlan-cwa in the Guest ssid rule?

what i will do sofaz_guest_wlan and sofaz_guest-wlan_cwa autohorization rule? must i modify this rules?

Cisco Employee

Take a look at the following

Take a look at the following document. It is for an older version of ISE with no policy sets but it should still give you a good example:


Thank you for rating helpful posts!

If the new rules are working

If the new rules are working properly you can simple delete the old rules as they will be not be required so after confirming the new rule working you should delete sofaz_guest_wlan and sofaz_guest-wlan_cwa autohorization rule.

CreatePlease to create content