Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ISE - Web Authentication Registration

I have a guest portal on ISE configured for central web authentication for our wireless network. I only purchased the basic licensing because I am not interested in the product for profiling, mobile device management, etc.

 

Is there a way that I can have ISE grant a user access for several months (a semester) without having to login to the web portal again?

It might help to mention that I don't mind if the students cannot manage their connected devices.

 

3 REPLIES
New Member

On the surface of it I can't

On the surface of it I can't see a way for you to grant access without logging back into the portal - especially with mobile devices. What you could do as another option is use ISE "activated guest" credentials for a PEAP connection on your SSID.

Basically you would create the accounts via the sponsor portal as per usual but instead of "guest" use "activated guest". You would then need to reconfigure your SSID to support EAP and create associated ISE policies to support PEAP and checking users are part of the activated guest group. What this then means is that once credentials are entered they can be remembered by the client device.

The only real drawback to this method is the lack of AUP which get via the portal. I always get around this by providing the AUP (or links to) on the instructions provided to the client upon receipt of the credentials.

 

Hope this make sense.

Cisco Employee

Activated Guest role which

Activated Guest role which can be used for those customers who want to grant access to a more secure network (dot1x/VPN for remote users) without needing to login to the Guest Portal to activate the user account. This also gives the guest a way to connect and cache their credentials via their dot1x supplicant instead of having them login to the guest portal via redirection every time they connect to the network.

New Member

Thanks for the feedback. It

Thanks for the feedback. It pretty much confirmed what I had already thought. 

Some of the motivation here is to have more accountability with access. I see now that is only going to come with more advanced licensing. 

I think that we are really in the market for an mdm/byod onboarding captive portal. That changes the entire scope of things. 

73
Views
5
Helpful
3
Replies