cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
161
Views
1
Helpful
3
Replies

Guest's client not assigned to Endpoint Group as per Guest User config

bassomarco1998
Level 1
Level 1

Hi all,

I'm encountering an unusual issue with the Guest authentication process. We have a sponsor portal where each guest registering is assigned the "Self_Guest" type.
We've configured the "Self_Guest" user type to store client MAC addresses in a specific Endpoint Identity Group (EIG) called "Guest_Group."
However, after several attempts, I noticed that the client MAC addresses are being saved in the default "Unknown" EIG rather than the "Guest_Group" EIG as intended.
Since our AuthZ policies rely on the correct EIG, this is preventing proper guest authentication.
Has anyone experienced this issue before?
Thanks

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

Personally i would not suggest MAC address using for Guest Authenticaiton.

New devices have Random MAC, then you will end up different results.

random MAC example  for guest user :

https://www.ise-support.com/2020/09/20/guest-access-and-randomized-mac-addresses/

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Why not use the GuestFlow condition instead?

Would you mind sharing the screenshots of how you configured the "Self_Guest" user type for review?