Cisco ISE 2.0 – Guest authentication ISE configuration

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 4, the ISE configuration for guest access.

Configure Cisco ISE

The Authorization profile will be created first, then the authentication and authorization policies are configured.

(more…)

Cisco ISE 2.0 – Guest Authentication

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 3, configuring the Cisco WLC for guest access.

Configure WLANs on WLC

  1. Navigate to WLANs, Create new

  2. Configure General Settings:

(more…)

Cisco ISE 2.0 Active Directory & Radius

This is a 4 part blog series about configuring Cisco ISE 2.0 for WLAN authentication and WLAN Guest authentication (split into two parts) on a Cisco Wireless LAN Controller (WLC).

For more guides about configuring (previous) Cisco ISE, see this page. This is part 1, the prerequisites before you can start configuring any authentication method.

Add ISE to Active Directory domain

Log in to ISE and add ISE to the Active Directory domain by following these steps:

(more…)

Cisco ISE Part 9: Guest and web authentication

This is a Cisco ISE blog post series with some how-tos for configuring the ISE deployment. The series consists of 10 parts.

The blog post agenda:

Part 1: introduction
Part 2: installation
Part 3: Active Directory
Part 4: High Availability
Part 5: Configuring wired network devices
Part 6: Policy enforcement and MAB
Part 7: Configuring wireless network devices
Part 8: Inline posture and VPN
Part 9: Guest and web authentication
Part 10: Profiling and posture

This week, part 9: Guest and web authentication

Web authentication can be used for guest access. It can also be used as a last resort for authenticating normal users if the 802.1X supplicant is not working. Access to this portal can be provided through a remediation VLAN with limited access to resources. The portal uses HTTP and HTTPS; because of the limited access, the NAD (or WLC) intercepts the HTTP request and redirects it to the web portal.

There are two portals. The Guest user portal is the portal guests use to log in. The Sponsor portal is used by company employees to create and manage guest accounts. The options available to guest users in the guest portal are customizable.

To manage the RADIUS requests, the portal is installed on all required policy nodes. The configuration of the portal (and users) is replicated to all nodes, so there is a central deployment.

You can configure multiple authorization sources in one rule, so you can use one SSID for all uses: internal production use, BYOD, Guest, etc. This is a nice feature of Cisco ISE.

Configuration

Click Administration – Guest management – Settings, click the arrow and click Multi-portal configurations.

Edit the DefaultGuestPortal to your needs:

  • Password policies
  • Need of posture client
  • Self service
  • Device registration
  • DHCP settings
  • Policies
  • etc


(more…)