View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0282 - ISE 2.2 Guest Access with Sponsored Guest (Part 3)

Average: 5 (2 votes)
Difficulty Level: 
Lab Document: 
<Please login to see the content>
Video Download: 
Title: SEC0282 - Video Download $24.00
Purchase SEC0282 - Video Download $24.00
The video demonstrates the second guest access deployment model on Cisco ISE 2.2 called Sponsored Guest. We will go through the complete workflow of configuring sponsored guest including some basic customization for both guest and sponsor portal. We will look at how to provide guest-equivalent access to our employees as well as to have guest devices automatically connected via device registration. Testing will be performed on both wired and wireless.
Part 3 of this video covers authentication and authorization policy configuration
  • Guest Access Workcenter
  • Guest Settings (Account Purge, Custom Field, Email Settings, Location/SSID, Username/Password Policy)
  • Endpoint Identity Group
  • Guest Type
  • Guest Portal with Basic Customization
  • Sponsor Group
  • Sponsor Portal with Basic Customization
  • Authentication Policy (Wired & WLAN MAB)
  • Policy Element Result
    • Authorization (DACL and Named ACL)
    • Authorization (Authorization Profile)
  • Authorization Policy
  • Device Registration
  • Endpoint Purge
  • Guest Simultaneous Login

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.


Hi Metha, thanks for all of the great videos you make.

I've tried to configure this scenario and I'm a bit confused about session limit and reconnect rules.
Here is my explanation:
- session limit 1
- when I connect the second device (same user) the session limit rule is applied (expected)
- when I disconnect and re-connect the device, the re-connect rule is applied (expected)
But here is the situation - now, when the second device tries to connect, It is allowed to the network because the first device is authorized through the re-connect rule and the session limit per user is not applied.

Am I wrong with configuration? If not, how to solve it?

Thanks, Stanislav.

We believe that is correct. For system to continue to enforce session limit, it needs to know user the device is logged in as so in this case you can't really use the re-connect rule.

Hi, thanks for the reply and explanation.

I believe it is OK. I just wasn't sure about my configuration ;)
I changed the session timeout and idle timer to solve the UX with re-connecting.

Thanks and looking forward to next ISE videos :)