03-15-2018 03:16 AM - edited 02-21-2020 10:48 AM
Hi,
I created wireless guest portal on ISE which redirects to guest VLAN once authenticated. I'm using Sponsored Guest Portal with VLAN DHCP Release Page settings.
The policy is working but after guest input the username and password, portal shows that he needs to manually renew its IP address. So I disconnect to that SSID and reconnect again (re-connection does not ask for username and password again, it allow access).
My question is:
Is there a way to automatically change the VLAN of the guest after authentication without reconnecting to same SSID?
Thanks in advance!
- Mady
Solved! Go to Solution.
03-19-2018 02:38 AM - edited 03-19-2018 02:41 AM
Hi Mady,
Unfortunately, there's no simple answer to this issue.
From user guide:
The navigation path for this page is Work Centers > Guest Access > Portals & Components > Configure > Guest Portals > Create, Edit or Duplicate > Portal Behavior and Flow Settings > VLAN DHCP Release Page Settings.
Enable VLAN DHCP release—Refresh a guest's IP address for Windows and Mac OS devices after a VLAN change in both wired and wireless environments.
This affects the Central WebAuth (CWA) flow during final authorization, when the network access changes the guest VLAN to a new VLAN. The guest’s old IP address must be released before the VLAN change, and a new guest IP address must be requested through DHCP when the guest connects to the new VLAN. The IP address release renew operation varies by the browser and operating system used; Internet Explorer uses ActiveX controls, and Firefox and Google Chrome use Java applets. For non-Internet Explorer browsers, Java must be installed and enabled on the browser.
The VLAN DHCP Release option does not work on mobile devices. Instead, guests are requested to manually reset the IP address. This method varies by devices. For example, on Apple iOS devices, guests can select the Wi-Fi network and click the Renew Lease button.
What you could do is to provide a very short lease time to the first IP pool (the one used for initial authentication). When the endpoint tries to renew its IP, it would get an IP from the new VLAN/pool.
Thanks,
Octavian
03-19-2018 02:38 AM - edited 03-19-2018 02:41 AM
Hi Mady,
Unfortunately, there's no simple answer to this issue.
From user guide:
The navigation path for this page is Work Centers > Guest Access > Portals & Components > Configure > Guest Portals > Create, Edit or Duplicate > Portal Behavior and Flow Settings > VLAN DHCP Release Page Settings.
Enable VLAN DHCP release—Refresh a guest's IP address for Windows and Mac OS devices after a VLAN change in both wired and wireless environments.
This affects the Central WebAuth (CWA) flow during final authorization, when the network access changes the guest VLAN to a new VLAN. The guest’s old IP address must be released before the VLAN change, and a new guest IP address must be requested through DHCP when the guest connects to the new VLAN. The IP address release renew operation varies by the browser and operating system used; Internet Explorer uses ActiveX controls, and Firefox and Google Chrome use Java applets. For non-Internet Explorer browsers, Java must be installed and enabled on the browser.
The VLAN DHCP Release option does not work on mobile devices. Instead, guests are requested to manually reset the IP address. This method varies by devices. For example, on Apple iOS devices, guests can select the Wi-Fi network and click the Renew Lease button.
What you could do is to provide a very short lease time to the first IP pool (the one used for initial authentication). When the endpoint tries to renew its IP, it would get an IP from the new VLAN/pool.
Thanks,
Octavian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide