Solved: Set the guests to be created

evanspall · ‎06-25-2014

Hi all,

I have been using the Guest functionality in ISE 1.1.4 (and previous versions) for a long time now and I've always been frustrated with it. I am now in the process of setting up an alternate Guest network that uses dot1x to reference the Internal Users ID source (where all registered guests are stored) in ISE to authenticate clients.

It seems to work perfectly for any activated guests, but any newly created account gets the following...

RADIUS Status:

Authentication failed : 24206 User disabled

Is there any way to circumnavigate the activation through the use of the CWP and thus make it possible for newly registered guests authenticate using dot1x?

Will changing the Guest Portal Policy Configuration (Not Used/First Logon/Every Logon) or Authentication Type (Guest/CWA/Both) solve this? Weary of changing it on the fly in production environment.

Thanks

Saurav Lodh · ‎06-27-2014

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/115802-radius-authentication-00.html

View solution in original post

mohanak · ‎06-26-2014

Message Code

Message Class

Message Text

Message Description

Severity

24206

Local-user-DB

User disabled

User marked disabled in Internal database.

Info

Saurav Lodh · ‎06-27-2014

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine-software/115802-radius-authentication-00.html

evanspall · ‎06-29-2014

Ah perfect.

Thanks a lot.

jan.nielsen · ‎06-28-2014

Set the guests to be created in the activatedguests group instead of the regular "guests" group and they should be usable right after they are created

evanspall · ‎06-29-2014

how exactly do you configure that?

evanspall · ‎06-29-2014

Nevermind.

Answered in the article salodh linked

Guest WiFi using Dot1x