SEC0282 - ISE 2.2 Guest Access with Sponsored Guest (Part 3)
Category: Security
The video demonstrates the second guest access deployment model on Cisco ISE 2.2, called Sponsored Guest. We will go through the complete workflow of configuring sponsored guest access, including some basic customization of both the guest and sponsor portals. We will look at how to provide guest-equivalent access to our employees as well as how to have guest devices connect automatically via device registration. Testing will be performed on both wired and wireless.
Part 3 of this video covers authentication and authorization policy configuration.
Topic:
- Guest Access Workcenter
- Guest Settings (Account Purge, Custom Field, Email Settings, Location/SSID, Username/Password Policy)
- Endpoint Identity Group
- Guest Type
- Guest Portal with Basic Customization
- Sponsor Group
- Sponsor Portal with Basic Customization
- Authentication Policy (Wired & WLAN MAB)
- Policy Element Result
- Authorization (DACL and Named ACL)
- Authorization (Authorization Profile)
- Authorization Policy
- Device Registration
- Endpoint Purge
- Guest Simultaneous Login
3 comments
Session limit after user reconnect
Hi Metha, thanks for all of the great videos you make.
I've tried to configure this scenario and I'm a bit confused about session limit and reconnect rules.
Here is my explanation:
- session limit 1
- when I connect the second device (same user) the session limit rule is applied (expected)
- when I disconnect and re-connect the device, the re-connect rule is applied (expected)
But here is the situation - now, when the second device tries to connect, it is allowed onto the network because the first device is authorized through the re-connect rule and the session limit per user is not applied.
Am I wrong with the configuration? If not, how to solve it?
Thanks, Stanislav.
Session limit after user reconnect
We believe that is correct. For the system to continue to enforce the session limit, it needs to know which user the device is logged in as, so in this case you can't really use the re-connect rule.
Hi, thanks for the reply and
Hi, thanks for the reply and explanation.
I believe it is OK. I just wasn't sure about my configuration ;)
I changed the session timeout and idle timer to solve the UX with re-connecting.
Thanks and looking forward to next ISE videos :)
SP.