
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 01:29 PM
We are running ISE 2.1 patch 5. After guest clicks on Accept we still get the redirection URL and we found that the Identity Group Assignment is never switched to GuestEndpointGroups.
Does this look like a bug ? There is nothing wrong with the configuration.
Solved! Go to Solution.
- Labels:
-
Identity Services Engine (ISE)
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 01:47 PM
By default (unless something was changed in profiler, etc) it wouldn’t be in an endpoint group until you went through the guest flow.
Is this a fresh install? Why aren’t you on patch 6?
Your policy should be
If wireless_mab and guestendpoint then permit access
If wireless_mab then redirect
Otherwise please open a tac case

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 01:33 PM
I have a concern with the switching identity group part
Are you saying that its in one identity group in the beginning and then you want to switch?
Guest is mean to take unknown fresh endpoint and move it into the guestendpointgroup.
I don’t believe we support switching identity group through the portal after its already in another group

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 01:39 PM
Initially it is profiled as Workstation and is placed into Workstation meanwhile the endpoint gets a web redirection.
Then after the guest registers shouldn't it get placed into GuestEndpoints Identity Group ?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 01:47 PM
By default (unless something was changed in profiler, etc) it wouldn’t be in an endpoint group until you went through the guest flow.
Is this a fresh install? Why aren’t you on patch 6?
Your policy should be
If wireless_mab and guestendpoint then permit access
If wireless_mab then redirect
Otherwise please open a tac case

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 02:01 PM
It's not a fresh install (even though we might plan a patch upgrade) and we have the same authorization policies like you mentioned.
If wireless_mab and guestendpoint then permit access
If wireless_mab then redirect
The endpoint connects and gets profiled as Windows7-Workstation while it gets the URL redirection but remains there even after the guest registers and accepts and hence hits the default rule again.
We have referred the guestendpoint group correctly in the guest portal.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-22-2018 02:10 PM
is the guest portal set to register the endpoint? guest device registration settings for the portal?
Were any of the profiler setting changed? for workstation?
Do you have a fresh setup to compare it to?
I would suggest a tac case

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-25-2018 10:34 AM
My bad. We were missing Registration
