
Captive Portal Login with specific Internal user Group.

geeyc5113
Level 1

Hi,

I want to create a captive portal for a specific group of users only. Anyone can still reach the portal, but is unable to log in.

Example:

I have created 10 users in the internal user database, with 5 users in Group A and 5 users in Group B. All of them are able to connect to the SSID and are redirected to the captive portal. I want only users from Group B to be able to authenticate with this captive portal. For now, I can only select "Internal user" as the authentication source; how can I specify only Group B from the internal store?

Accepted Solutions

Jason Kunst
Cisco Employee

There is no way to do that.

You would have to set up an authorization rule after the initial web auth to block them.

Example: if GroupA, then permit access.

If GroupB, redirect to a hotspot as a message portal (example in the guest and web auth community page, or an HTML page in ISE 2.2) with a message stating you are blocked.

https://communities.cisco.com/docs/DOC-64018?mobileredirect=true

Otherwise you would have to set up ISE proxy to itself. There is a close example of how this is done in this link:

https://communities.cisco.com/message/217594?mobileredirect=true



If I need to set up the authorization rule to filter out the group, for example to filter out Group B users while allowing Group A users, then when a Group B user tries to log in to the captive portal, we can see that the user matches the authentication store but fails to match any rule in the authorization policy, and thus goes to the default policy, which is deny access. From a user-experience standpoint, the user may not know why they are unable to log in.

I am thinking that when a user from Group B tries to log in, the captive portal would show the message "No user found" or "invalid user name", so that the user knows that they are not allowed to log in using their credentials.

Perhaps Cisco can improve this.

Anyway, thanks for the feedback.

Please request through your sales team.

The recommendation is to redirect the BAD group to another portal or HTML file (ISE 2.2):

https://communities.cisco.com/thread/64870?start=0&tstart=0