I’m going to configure two different guest portals. Otherwise, if you absolutely, positively need to run a hotspot portal (maybe you want to display an ad?), here is a suggestion for a temporary workaround. The only exception is if you want to force registration of guests. I’m a fan of having an open wireless network for guests to connect to without a portal. BYOD Onboarding? Way too much overkill for simple guest access.ĭon’t utilize automatic reauthentication, requiring guests to go through the hotspot portal upon every reconnection? The steps below may help with other configurations you run but definitely not needed for short term guests that must accept an AUP on every connection. Teaching end users a way to reduce their privacy is a bad practice.Ĭurrently, ISE doesn’t have a way to utilize something like Passpoint for seamlessly authenticating guest users. I do NOT recommend suggesting to the guest user they disable MAC address randomization on their personal device. The main configuration I’ve seen is authenticating the connection, adding the MAC address to GuestEndpoints, and then allowing future authentications for X amount of days based on that MAC address. With randomized MAC addresses becoming more of the norm for mobile devices, it’s time to think about how you handle guest access.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |