Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1243
Views
0
Helpful
5
Replies

Guest Device Compliance Settings - Missing

Go to solution
creserva1
Level 1
Level 1

‎06-09-2018 09:44 AM

I am getting this Java requirements after login using CWA. It says on https://www.cisco.com/c/en/us/td/docs/security/ise/2-3/admin_guide/b_ise_admin_guide_23/b_ise_admin_guide_23_chapter_011…

I also found this similar issues Problem with portal guest Cisco ISE

It is missing on my guest portal. I am using 2.3.0.298

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Craig Hyps
Level 10
Level 10

‎06-11-2018 05:48 PM

Verify portal is a sponsor or self-reg portal (not Hotspot).  I can think of a few settings that may trigger including Web Agent and DHCP renewal applet...

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Craig Hyps
Level 10
Level 10

‎06-11-2018 05:48 PM

Verify portal is a sponsor or self-reg portal (not Hotspot).  I can think of a few settings that may trigger including Web Agent and DHCP renewal applet...

0 Helpful

Go to solution
creserva1
Level 1
Level 1
In response to Craig Hyps

‎06-13-2018 03:09 PM

Opened case with cisco and yes it was that settings "Enable VLAN DHCP release". Thanks

0 Helpful

Go to solution
Damien Miller
VIP Alumni
VIP Alumni
In response to creserva1

‎06-13-2018 03:39 PM

I would say that it's not recommended to use ip release /renew feature on the guest portals. The support for this has faded from browsers.

This relies on Java and the only browser I know that currently supports this is internet explorer. If a guest uses Chrome, Firefox, or safari, then they will have problems.

I worked with tac recently and filed a new bug in 2.4 because this feature is not working anymore. Something has changed and the coa/vlan change is not applying after the first guest login. You log in a second time and the vlan change applies.

0 Helpful

Go to solution
Craig Hyps
Level 10
Level 10
In response to Damien Miller

‎06-13-2018 04:54 PM

Agree this option is not generally recommended.  Question was more specific to Java warning and what may have triggered it.  For reasons cited, it would be better to avoid any VLAN change for web auth flow (no supplicant to detect VLAN change). For wireless it may be possible to assign a new interface which shares same IP address space, or use ACLs or SGTs to apply different traffic policy without flipping VLANs/subnets.

0 Helpful

Go to solution
creserva1
Level 1
Level 1
In response to Damien Miller

‎06-14-2018 05:53 AM

Actually I had this turned on "Enable VLAN DHCP  release" and the solutions was to turn it off. I must have been playing with settings and forgot to revert it back to default which is off by default..

0 Helpful
Top