Solved: Re: Cisco ISE limit user

Amen · ‎06-20-2022

We use the Cisco ISE Visitor portal with device registration for Guest users.
We have one single guest user account per day for ALLguests users. We have over 999 registered devices per day.

Is there a way to remove the 999 device limit per guest user in one way or another?
Is the limit changed in higher versions than ISE 2.6 ?

we use 2.6 Patch 9

Charlie Moreton · ‎06-21-2022

The way I get around this limit is to use 3 different internal accounts. This will give me 999x3 allowable sessions. First, you have to create the accounts in ISE, then in the guest portal, you can use the following script in Optional Data 2:

<script>
jQuery('#portalloginForm .cisco-ise-form-buttons:last').append("<div class='ui-submit ui-btnui-shadow'><input type='submit' value='Internet Only' class='hotspot-btn'/></div>");
jQuery('.hotspot-btn').on('click', function(evt){
        evt.preventDefault();
var accounts=["iseguest","iseguest2","iseguest3"];
var username=accounts[parseInt(Math.random()*3)];
        jQuery("input[name='user.username']").val(username);
        jQuery("input[name='user.password']").val("ISEisC00L");
        jQuery("#ui_login_signon_button").trigger('click');
    });
</script>

You can see the sample usernames and password in the script. I first validated this script on ISE 1.4, and I've just tested this on ISE 3.1, so no issues there.

This script leaves the username/password fields so that you can log in or click the Internet Only button to bypass and use one of the 3 accounts in the script.

Then you can even give these users differentiated access via an Authorization Profile

View solution in original post

Greg Gibbs · ‎06-20-2022

There has been no change to this limit. The same limit exists the most current version of ISE 3.1.

You might need to consider moving from a Sponsored/Registered Guest design to using a Hotspot model. I'm not sure what value is gained from a Sponsored/Registered Guest design if all of your guests use the same single account.

Marcelo Morais · ‎06-20-2022

Hi @Amen ,

beyond what @Greg Gibbs said ... please take a look at: CSCvr22616 Enhancement: Increment the limit of my devices portal above 999 devices.

Hope this helps !!!

Charlie Moreton · ‎06-21-2022

The way I get around this limit is to use 3 different internal accounts. This will give me 999x3 allowable sessions. First, you have to create the accounts in ISE, then in the guest portal, you can use the following script in Optional Data 2:

<script>
jQuery('#portalloginForm .cisco-ise-form-buttons:last').append("<div class='ui-submit ui-btnui-shadow'><input type='submit' value='Internet Only' class='hotspot-btn'/></div>");
jQuery('.hotspot-btn').on('click', function(evt){
        evt.preventDefault();
var accounts=["iseguest","iseguest2","iseguest3"];
var username=accounts[parseInt(Math.random()*3)];
        jQuery("input[name='user.username']").val(username);
        jQuery("input[name='user.password']").val("ISEisC00L");
        jQuery("#ui_login_signon_button").trigger('click');
    });
</script>

You can see the sample usernames and password in the script. I first validated this script on ISE 1.4, and I've just tested this on ISE 3.1, so no issues there.

This script leaves the username/password fields so that you can log in or click the Internet Only button to bypass and use one of the 3 accounts in the script.

Then you can even give these users differentiated access via an Authorization Profile