View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0196 - ISE 1.3 Guest Access with Hotspot (Part 2)

SEC0196 - ISE 1.3 Guest Access with Hotspot (Part 2)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video demonstrates the first guest access deployment model on Cisco ISE 1.3 called Hotspot. We will be configuring ISE to allow our guest users to perform a single-click type of login to access internet, including an access code enforcement. We will also show how to provide better user experience by not having user encountering login portal after first login using automatic device registration, or if desired control how often users should be redirected back to the login page using Endpoint Purge.
 
Part 2 of this video focuses on guest login and device reconnect testing
 
Topic:
  • WLAN SSID Configuration
  • Endpoint Identity Group
  • Hotspot Guest Portal
  • Authentication Policy (WLAN MAB)
  • Policy Element Result
    • Authorization (Downloadable ACL)
    • Authorization (Authorization Profile)
  • Authorization Policy
  • Endpoint Purge
Tag: 
ISE
ise 1.3
vpn
posture
anyconnect
coa
asa
posture module

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

6 comments

Submitted by Hamid on Mon, 12/21/2015 - 06:38

Is connection between wireless client and AP secured or encrypted in Hotspot?

Submitted by admin on Tue, 12/22/2015 - 21:45

The SSID Authentication is Open so unencrypted.

Submitted by ICQf0r3v3r on Wed, 05/18/2016 - 09:48

1)How can i make such way that ISE "forgets" client and i can make the procedure of registration again?

2) I tried to create custom identity group, but my devices allways go to registered group and 2nd authorization rule doesnt work because of this fact, why this happens?

Submitted by admin on Wed, 05/18/2016 - 22:08

1)  You can use Endpoint purging rule to periodically remove endpoints from ISE, hence forcing them to re-login

2) Not sure which registered group you are refering to but you should be able to assign endpoint logging into hotspot to any endpoint group you want.

Submitted by ICQf0r3v3r on Thu, 05/19/2016 - 06:21

2) I'm speaking about identity group from video "LM_HOTSPOT_ENDPOINT"

am i supposed to add mac address of a device to this group manually?
ISE after authorization places device to "Registered" group

Submitted by admin on Sun, 05/22/2016 - 21:00

If you configure your guest portal to have device registered automatically after login then no, the deviec MAC should be added to the specified group for you.