cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

181
Views
0
Helpful
5
Replies
Beginner

ISE 2.7 guest flow issue

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Beginner

Re: ISE 2.7 guest flow issue

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

View solution in original post

5 REPLIES 5
Highlighted
Cisco Employee

Re: ISE 2.7 guest flow issue

For ISE Central WebAuth, it always has been required to setup Internal Endpoints for the identity source in the policy set. The guest users or any other identity source sequence is defined on the portal it self.

Highlighted
Cisco Employee

Re: ISE 2.7 guest flow issue


@Jiri Krystynek wrote:

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri


Depends on how you configured it. If you used the defaults policies then it should work. If you created a new auth policy then you will likely need to change it

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

Highlighted
Beginner

Re: ISE 2.7 guest flow issue

Hi,

 

thank you all for the replies. I'm using ISE guest for several years and version with Guest Users identity sources and everything worked fine. I thought that it's needed for the second authentication (guest account). Probably it works a little different that I thought. Never mind I can change it easily.

But still there's something different in the 2.7. I don't think it should end up with process failed, I would expect that it ends on User not Found.

 

Thanks,

Jiri

Highlighted
Beginner

Re: ISE 2.7 guest flow issue

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

View solution in original post

Highlighted
Cisco Employee

Re: ISE 2.7 guest flow issue


@Jiri Krystynek wrote:

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri


Was it a new policy set or the built-in please?