I configure Guest portal on Cisco ISE. I attached the authorization policy photo. Now i need to configurate airespace id 2 for guest users. Do i need create new authorization policy and apply new condition for airespace id or i must be only create new condition and apply current CWA authorization rule?
1. Create a new policy set and name it "Wireless-Name_of_SSID"
2. For matching condition for that rule I would match it against the "Airspace ID" (taken from the controller"
3. I would set the default authorization rule to CWA
4. Then I would place the appropriate guest authorization rules above that
5. Remote the rules from the default policy set
That way a user associates to the guest SSID would first hit the CWA rule which would force web redirection to the guest portal. Then after the user logins, she/he would hit one of the rules that you created in step #4
As i understand I must create new authorization rules name Guest ssid then create new condition(airspace id 2) and then i must create a permission in this new rule. which permission i must create? can i apply Sofaz_guest_wlan_cwa permission sofaz_wlan-cwa in the Guest ssid rule?
what i will do sofaz_guest_wlan and sofaz_guest-wlan_cwa autohorization rule? must i modify this rules?
If the new rules are working properly you can simple delete the old rules as they will be not be required so after confirming the new rule working you should delete sofaz_guest_wlan and sofaz_guest-wlan_cwa autohorization rule.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :