cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5553
Views
5
Helpful
2
Replies

Cisco ISE with cisco-av-pair

parcvista
Level 1
Level 1

Hi All

I am deploying a Cisco ISE together with a WLC to provide guest services. After the authentication the users will be redirected to the device registration page, this is done via the radius attribute "cisco-av-pair = url-redirect=https://FQDN:8443/guestportal/gateway?sessionId=SesionIdValue&portal=..." returned by the ISE. My problem is that there is no internal DNS server in the guest network (point to public DNS servers), so the clients cannot resolve the FQDN. We can manually add the redirect URL, however the SessionIdValue in the URL is a dynamic value, is there a way to put a dynamic value in the attributes manually?

Thanks a lot!

Leo

2 Replies 2

Tarik Admani
VIP Alumni
VIP Alumni

Hi,

Is your ISE suffix public...i.e *.com? If so just publish your dns records with your service provider and have it resolve to the private ip. If this is not an option then you will have to deploy a separate dns server for guest services.

Thanks,

Tarik Admani
*Please rate helpful posts*

Thanks Tarik, I saw u helped a lot of ppl on ISE configuration, really appreciate for your help.

In ISE there is a place to set the default URL for Sponsor and My device, not sure why not for Guest portal. As the DNS server is not available at this moment, we are using the WLC to do the redirect (so not CWA), the downside is we cannot have a whitelist since all request will be redirected to the guest portal.

Thanks,

Leo