Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest Network Secure Setup

Greetings!

We have a guest network and anyone with the password can get on it. This has led to many users bringing in devices and camp out on the guest network all day. This is not the way we wanted to introduce BYOD to our company. What sort of technologies can we use to create a proper login for the guest network?

Thanks!

9 REPLIES
Bronze

Re:Guest Network Secure Setup

Could you be more specific. What do u mean by users can login with passwords. Is it their domain account?. Do you have Cisco ACS or ISE as part of your setup?


Sent from Cisco Technical Support Android App

New Member

Re:Guest Network Secure Setup

Absolutely. We currently have NO infrastructure in place to allow guests to log into the guest network on site. Something similar to how you log into hotel wifi or something along those lines. I am curious of what sort of architecure for implementing something like this are in place elsewhere. We recently purchased ISE but have yet to implement it. Would that be sufficient? Are there better products out there?

Guest Network Secure Setup

ISE would be the way to go.  You can enable account restrictions, and use that to keep users from brining on too many devices.

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

HTH, Steve ------------------------------------------------------------------------------------------------ Please remember to rate useful posts, and mark questions as answered
New Member

Guest Network Secure Setup

I guess I need to read up more on ISE to understand if it fits our needs.

So, do you have to create a guest account? Can you register devices and give them a duration to allow them on the network? The guest network doesn't even require an account at the moment.

Bronze

Re:Guest Network Secure Setup

In the interim, I would suggest you shut down the guest WiFi. How is your guest setup? Do you have foreign WLC anchored to another WLC? or is it a single WLC with the guest SSID?


Sent from Cisco Technical Support Android App

New Member

Re:Guest Network Secure Setup

We have each network segregated via firewall rules and ACLs.

Bronze

Re:Guest Network Secure Setup

That means you have a single wireless controller that broadcasts the guest ssid. If that is correct, the best way for you to go in such scenario is to use Wireless MAC authentication Bypass in the ISE with access restrictions that would allow only internal accounts configured by a sponsor . It would be a long process for me to describe the config, however you can check out www.labminutes.com and view the ISE for BYOD. If you need more clarification feel free to ask


Sent from Cisco Technical Support Android App

Bronze

Re:Guest Network Secure Setup

To clarify further, once you have the ISE guest config set up properly, make sure you don't include AD1 in the identity source sequence for authentication. Leave as Sponsor_Portal_Sequence which would use internal accounts created by your designated sponsors or IT


Sent from Cisco Technical Support Android App

Cisco Employee

Re: Guest Network Secure Setup

In your scenario ISE will be the best option. It provides more than one way to authenticate the guest. For more information you can see the attached PDF.

262
Views
0
Helpful
9
Replies