Cisco Ise 13 User Guide
Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.
Page 351
Guest Access with Hotspot Guest Portals CiscoISEprovidesnetworkaccessfunctionalitythatincludes“hotspots,”whichareaccesspointsthatguests canusetoaccesstheInternetwithoutrequiringcredentialstologin.Whenguestsconnecttothehotspot networkwithacomputeroranydevicewithawebbrowserandattempttoconnecttoawebsite,theyare automaticallyredirectedtoaHotspotGuestportal.Bothwiredandwireless(Wi-Fi)connectionsaresupported withthisfunctionality....
Page 352
Employee Access with Credentialed Guest Portals EmployeescanalsoaccessthenetworkusingCredentialedGuestPortalsbysigninginusingtheiremployee credentials,aslongastheircredentialscanbeaccessedbytheidentitysourcesequenceconfiguredforthat portal. Guest Device Compliance Whenguestsandnon-guestsaccessthenetworkthroughcredentialedGuestportals,youcanchecktheir devicesforcompliancebeforetheyareallowedtogainaccess.YoucanroutethemtoaClientProvisioning...
Page 353
Self-Registered Guest Portal Sponsored-Guest PortalHotspot Guest PortalTask Notrequired(definedby guesttype) Notrequired(definedby guesttype) RequiredCreateEndpointIdentity Groups,onpage501 NotapplicableNotapplicableRequiredCreateaHotspotGuest Portal,onpage310 NotapplicableRequiredNotapplicableCreateaSponsored-Guest Portal,onpage311 RequiredNotapplicableNotapplicableCreateaSelf-Registered GuestPortal,onpage312 RequiredRequiredRequiredAuthorizePortals,on page314...
Page 354
Thiscertificategrouptagwillbeavailabletoselectduringportalcreationorediting. Step 3ChooseGuestAccess>Configure>GuestPortals>CreateorEdit>PortalSettings. Step 4SelectthespecificcertificategrouptagfromtheCertificategrouptagdrop-downlistthatisassociatedwith thenewlyaddedcertificate. Create External Identity Sources CiscoISEcanconnectwithexternalidentitysourcessuchasActiveDirectory,LDAP,RADIUSToken,and RSASecurIDserverstoobtainuserinformationforauthenticationandauthorization.Externalidentitysources...
Page 355
Procedure Step 1ChooseAdministration>IdentityManagement>IdentitySourceSequences>Add. Step 2Enteranamefortheidentitysourcesequence.Youcanalsoenteranoptionaldescription. Step 3ChecktheSelectCertificateAuthenticationProfilecheckboxandchooseacertificateauthenticationprofile forcertificate-basedauthentication. Step 4ChoosethedatabaseordatabasesthatyouwanttoincludeintheidentitysourcesequenceintheSelectedList box. Step 5RearrangethedatabasesintheSelectedlistintheorderinwhichyouwantCiscoISEtosearchthedatabases....
Page 356
Create a Hotspot Guest Portal YoucanprovideaHotspotGuestportaltoenablegueststoconnecttoyournetworkwithoutrequiringa usernameandpasswordtologin.Anaccesscodecanberequiredtologin. YoucancreateanewHotspotGuestportal,oryoucaneditorduplicateanexistingone.Youcandeleteany HotspotGuestportal,includingthedefaultportalprovidedbyCiscoISE. AnychangesthatyoumaketothePageSettingsonthePortalBehaviorandFlowSettingstabarereflected inthegraphicalflowintheGuestFlowdiagram.Ifyouenableapage,suchastheAUPpage,itappearsin...
Page 357
What to Do Next Youmustauthorizetheportalinordertouseit.Youcanalsocustomizeyourportaleitherbeforeorafteryou authorizeitforuse. Create a Sponsored-Guest Portal YoucanprovideaSponsored-Guestportaltoenabledesignatedsponsorstograntaccesstoguests. YoucancreateanewSponsored-Guestportal,oryoucaneditorduplicateanexistingone.Youcandelete anySponsored-Guestportal,includingthedefaultportalprovidedbyCiscoISE. AnychangesthatyoumaketothePageSettingsonthePortalBehaviorandFlowSettingstabarereflected...
Page 358
•GuestDeviceRegistrationSettings—SelectwhetherCiscoISEautomaticallyregistersguestdevices ordisplaysapagewhereguestscanmanuallyregistertheirdevices. •BYODSettings—Letemployeesusetheirpersonaldevicestoaccessthenetwork. •Post-LoginBannerPageSettings—Notifyguestsofadditionalinformationbeforetheyaregranted networkaccess. •GuestDeviceComplianceSettings—RoutegueststotheClientProvisioningpageandrequirethem tofirstdownloadthepostureagent....
Page 359
•AcceptableUsePolicy(AUP)PageSettings •BYODSettings Before You Begin Ensurethatyouhaveconfiguredtherequiredcertificates,externalidentitysources,andidentitysource sequencesforthisportal. Procedure Step 1ChooseGuestAccess>Configure>GuestPortals>Create,EditorDuplicate.. Step 2Ifcreatinganewportal,intheCreateGuestPortaldialogbox,selectSelf-RegisteredGuestPortalasthe portaltypeandclickContinue. Step 3ProvideauniquePortalNameandaDescriptionfortheportal....
Page 360
•VLANDHCPReleasePageSettings—ReleasetheguestdeviceIPaddressfromtheguestVLANand renewittoaccessanotherVLANonthenetwork.Formoreinformation,seeBYODSettingsfor CredentialedGuestPortals,onpage782. •AuthenticationSuccessSettings—Specifywheretodirectguestsaftertheyareauthenticated.Ifyou redirectaGuesttoanexternalURLafterauthentication,theremaybeadelaywhiletheURLaddress isresolvedandthesessionisredirected.Formoreinformation,seeAuthenticationSuccessSettingsfor GuestPortals,onpage784....