topic Re: ISE Central Web Authentication in Network Access Control

ISE Central Web Authentication

the.prince.of.nyinyizin — Mon, 31 Jul 2017 09:21:00 GMT

hi all,

now I faced this issue

-First I login to SSID and then redirect to ISE guess portal.

-login with ISE local account and successful authentication.

-After that, I tried to use internet browsing and then Redirect again and again to ISE guess portal.

Please Check My ISE Authorization Rule as follow.

Thanks You

Re: ISE Central Web Authentication

tertang@cisco.com — Mon, 31 Jul 2017 15:34:11 GMT

there's no match on your "wireless guess" authz policy after a successful web-auth that's why you get stuck in a authz loop.

take a look at your guest portal configurations>>guest type.

your "wireless guess" policy is matching on " "GuestEndpoints", so you need to make sure you assign the guest device to GuestEndpoints in Guest Types.

Re: ISE Central Web Authentication

ldanny — Mon, 31 Jul 2017 15:53:21 GMT

Hi Nyi,

Its hard for me to say as I dont know how you setup your authz profile

Basically you should have 2 rules , the second one being the redirect and the first to permit access .

The second rule is the first rule to be hit ( match the re-direction ) once user logins he is sent a CoA for re-authentication and will hit the first rule which permits the access.

Check this guide to verify your setup.

How To: ISE Guest & Web-Authentication Design Guide

Danny