https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5236084#M1118172 <P>Hello,</P><P>I am dealing with the same issue, did this end up being a cert issue like Balaji.Bandi suggested?</P><P>&nbsp;</P><P>Thanks</P> Thu, 12 Dec 2024 16:14:47 GMT GregWeaver 2024-12-12T16:14:47Z https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5151136#M1114632 <P>ISE 3.3.0 running on 3615 appliances</P><P>IOS-XE 17.9.5 on 9800-40 WLCs</P><P>We have some odd behaviour with a new hotspot portal. Everything up to authentication appears to be working correctly - user is prompted to sign in on connecting to the SSID, redirect is sent to the WLC, portal page is displayed, internet ACL is sent to the WLC when the user accepts the ToU, and the authentication success page is displayed.</P><P>However with some devices the user still does not have network access. This primarily appears to affect Android devices, but not all - I haven't observed it with iOS or Windows clients. Refreshing the auth success page does <EM>something</EM> which causes auth to be successful/the internet ACL to be applied correctly, and the network then shows as connected and the user has internet access.</P><P>The fact that this isn't universal in our deployment suggests it's a client issue, but I'm at a loss to understand how a client issue could apparently prevent the correct ACL from being applied by the WLC!</P><P>Has anyone come across this issue before? Any pointers on whether it's likely to be an ISE, WLC or client issue, and on where I can look to gather more information if it isn't client? Thanks!</P><P>&nbsp;</P> Thu, 25 Jul 2024 14:49:43 GMT https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5151136#M1114632 pb100 2024-07-25T14:49:43Z https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5151173#M1114639 <P>how is the certs configured, is this FQDN or IP ?</P> <P>Make sure the valid cert trusted by the client, always suggest to use cert Public signed one.</P> <P>check the packet flow :</P> <P><A href="https://www.youtube.com/watch?v=MOIpRLpfGvo" target="_blank">https://www.youtube.com/watch?v=MOIpRLpfGvo</A></P> <P>&nbsp;</P> Thu, 25 Jul 2024 15:42:59 GMT https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5151173#M1114639 balaji.bandi 2024-07-25T15:42:59Z https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5151781#M1114665 <P>If device use randomize MAC then it will failed to access'</P> <P>The ISE learn MAC and add it to identity group so it will use it after CoA'</P> <P>If Android use this feature then it mac is change always and it failed to authc/authz by ISE</P> <P>MHM</P> Fri, 26 Jul 2024 10:48:56 GMT https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5151781#M1114665 MHM Cisco World 2024-07-26T10:48:56Z https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5236084#M1118172 <P>Hello,</P><P>I am dealing with the same issue, did this end up being a cert issue like Balaji.Bandi suggested?</P><P>&nbsp;</P><P>Thanks</P> Thu, 12 Dec 2024 16:14:47 GMT https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5236084#M1118172 GregWeaver 2024-12-12T16:14:47Z https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5307407#M1121713 <P>Hello,</P> <P>I am dealing with the same issue, the problem appear after the software upgrade on mobile android device. Other suggested?</P> <P>Best regards</P> Wed, 09 Jul 2025 14:03:19 GMT https://community.cisco.com/t5/network-security/ise-guest-hotspot-post-auth-issue/m-p/5307407#M1121713 t-sassatelli 2025-07-09T14:03:19Z