Solved: Guest Users issue

benolyndav · ‎10-29-2020

Hi

Once guest wireless users have authenticated ISE doesn’t take them to the url anymore it used to, it takes some users on some devices back to sign in page and other users on other devices it says page was not reachable does anyone have any idea where I should start looking into this issue. ISE 2.4

see attached

Thanks

CarlCarlson1234 · ‎10-30-2020

Based on the information available from your post, this sounds like a logic issue with your policy sets. If a guest user authenticates and gets sent back to the guest login portal, that usually indicates your guest policy isn't checking for "network usecase equals guest flow", which gets inserted into the session when a user successfully authenticates a guest flow. You should have a guest policy that checks for this and then permits access/does not apply the redirect acl. As for the "page is not reachable" to me that sounds like the device is trying to load a site from cache, not 100% sure this info is accurate.

I would test authentication then look at the live logs for the endpoint. Validate that the device is actually hitting an authorization policy that permits access and isn't looping through the guest forward result.

View solution in original post

CarlCarlson1234 · ‎10-30-2020

Based on the information available from your post, this sounds like a logic issue with your policy sets. If a guest user authenticates and gets sent back to the guest login portal, that usually indicates your guest policy isn't checking for "network usecase equals guest flow", which gets inserted into the session when a user successfully authenticates a guest flow. You should have a guest policy that checks for this and then permits access/does not apply the redirect acl. As for the "page is not reachable" to me that sounds like the device is trying to load a site from cache, not 100% sure this info is accurate.

I would test authentication then look at the live logs for the endpoint. Validate that the device is actually hitting an authorization policy that permits access and isn't looping through the guest forward result.