1. Enable "Secure Guest Access" feature
2. Select "Captive Portal" in Credential Delivery Method
3. Edit Rule with End-System Group of "Secure Registration NAC Rule"
4. Create one more guest SSID for secure guest access in wireless controller.
Following is original captive portal ssid : SNK-Guest
And you need to create one more guest SSID (e.g. SecureGuest) for secure guest access with same topology.
5. Select "802.1x" authentication for the secure guest access SSID.
The procedure of authenticating guest client for secure guest access is below:
1. Guest client access to the original guest SSID (in above example, SNK-GUEST)
2. The user will be redirected to captive portal page and will enter required credentials (e.g. First name, Last name, email address, etc)
3. The access instructions will be displayed as below:
4. Then, try to access the secure guest access SSID again (in above example, SecureGuest)
5. The secure guest access SSID will ask you to enter username and password. Then you can enter them which are displayed in above no.3.
6. The client will be accessed through Unregistered role until the sponsor appoves.
7. If sponsor appoves the client, then the client will get proper role