Hello,

While setting up a standard wireless guest registration portal with device autoregistration on ISE2.0/2.1, we've realised that when we validate the initial guest redirection and subsequent source on WLC we see the username on the Monitor Clients tab of the WLC.

then the client disappears from the network and when it reassociates, as its endpoint was registered, the mac address is allowed in directly as it should. But on the WLC monitor clients tab, we only see the mac address  of the endpoint. We have no information of the guest portal user associated to the endpoint.

we thought about returning the RADIUS-Username = Guest Portal User attribute in the RADIUS-Access-Accept message that ISE sends back to the WLC allowing the client in.

But when going to the authorization result page, we have no way of adding RADIUS-Username on attribute (it doesn't appear on the options).

Does anyone know of any other way of doing this?

The RFC states that:

Description

      This Attribute indicates the name of the user to be authenticated.
      It MUST be sent in Access-Request packets if available.

      It MAY be sent in an Access-Accept packet, in which case the
      client SHOULD use the name returned in the Access-Accept packet in
      all Accounting-Request packets for this session.  If the Access-
      Accept includes Service-Type = Rlogin and the User-Name attribute,
      a NAS MAY use the returned User-Name when performing the Rlogin
      function.

This would be an elegant way of solving the issue...