With randomized MAC addresses becoming more of the norm for mobile devices, it’s time to think about how you handle guest access. The main configuration I’ve seen is authenticating the connection, adding the MAC address to GuestEndpoints, and then allowing future authentications for X amount of days based on that MAC address. Obviously, that’s about…
Instead of using a Network Access Users account, we are going to create guest accounts via the sponsor portal that are allowed to authenticate using 802.1x.
Redirecting HTTPS requests for guest or posturing causes the browser to display certificate errors. Stop redirecting HTTPS!
The customer had a pretty straightforward request. They wanted a sponsored guest portal where users could self register but had to be approved. They also wanted to allow users of a single AD group to be able to log into the portal.