cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

194
Views
0
Helpful
2
Replies

ISE Central Web Authentication

hi all,

now I faced this issue

-First I login to SSID and then redirect to ISE guess portal.

-login with ISE local account and successful authentication.

-After that, I tried to use internet browsing and then Redirect again and again to ISE guess portal.

Please Check My ISE Authorization Rule as follow.

Thanks You

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ISE Central Web Authentication

there's no match on your "wireless guess" authz policy after a successful web-auth that's why you get stuck in a authz loop.

take a look at your guest portal configurations>>guest type.

your "wireless guess" policy is matching on " "GuestEndpoints", so you need to make sure you assign the guest device to GuestEndpoints in Guest Types.

Screen Shot 2017-07-31 at 11.31.15 PM.png

View solution in original post

2 REPLIES 2
Cisco Employee

Re: ISE Central Web Authentication

there's no match on your "wireless guess" authz policy after a successful web-auth that's why you get stuck in a authz loop.

take a look at your guest portal configurations>>guest type.

your "wireless guess" policy is matching on " "GuestEndpoints", so you need to make sure you assign the guest device to GuestEndpoints in Guest Types.

Screen Shot 2017-07-31 at 11.31.15 PM.png

View solution in original post

Cisco Employee

Re: ISE Central Web Authentication

Hi Nyi,

Its hard for me to say as I dont know how you setup your authz profile

Basically you should have 2 rules , the second one being the redirect and the first to permit access .

The second rule is the first rule to be hit ( match the re-direction ) once user logins he is sent a CoA for re-authentication and will hit the first rule which permits the access.

Check this guide to verify your setup.

How To: ISE Guest & Web-Authentication Design Guide

Danny