We help IT Professionals succeed at work.

Recommendation for Wifi Partner Portal

operationsIT
operationsIT asked
on
Hello EE,

We have a Cisco Wireless controller for our production network that goes along with our LAN.
We are in the process of creating a guest SSID, but I'd like to see if anyone has recommendation on a partner portal.  I'd like:

The "wifi guest request" to automatically be forwarded to our partner portal.  So the guests get a login page to insert his individual username and password.

Our partner portal device would be installed in our DMZ and use our existing internet for guest internet access with bandwidth limitations we set.

Please let me know what your organization is using?
Comment
Watch Question

Commented:
In your situation, you should probably be using Cisco ISE. Since I'm not fully familiar with it, you may be able to have a rudimentary guest system using software built into your controllers.

We're an Aruba shop, so we use Aruba Clearpass Guest. We actually go a step further and restrict users who connect to guest wireless from talking to other devices on the same network and funnel them out our backup Internet connection so you don't have any possibility of coexistence with standard network traffic.
Top Expert 2014

Commented:
Cisco ISE is a good choice if you want to integrate into your existing Cisco WLAN solution.  You should really put a new controller and ISE server in the DMZ and use the Guest Anchor feature to securely tunnel all guest traffic straight from your existing internal WLC to the DMZ.  Putting an ISE in the DMZ alone isn't enough to keep it secure.

Author

Commented:
Our controller is now on the DMZ so would we really need another controller or just broadcast guest SSID?
Top Expert 2014

Commented:
If your controller is now in the DMZ is it providing Wifi access for the internal LAN too?

Usually you'll have one WLC on your internal LAN which provides the access to corporate resources, then the would be another WLC in the DMZ for guest access.  The Guest SSID would be on the internal WLC but it would be 'anchored' to the DMZ WLC.

Author

Commented:
@Craigbeck - Yes currently it is on the DMZ.
Great thanks!  Maybe that would be best practice?

Author

Commented:
ISE I found base is 12k and we have a solution for our local LAN users so I only need this for guests so wonder if there is a 3rd party that would be more cost effective yet still as solid?
Top Expert 2014

Commented:

Author

Commented:
Ok I'll check thank you.
Are you using this?  Pro/Con?
Top Expert 2014
Commented:
The company I work for suggests this solution to clients wanting to use a 3rd-party portal.  It's a great solution.

Author

Commented:
Great thanks I will review.