Re: Guestusers configured to bypass guest portal fail with msg userdisabled - CSCva84435

Gagandeep Singh · ‎04-05-2018

Hi Team,

Customer has a query if this bug has been fixed in any release or patch on ISE.

Seen several requests on this bug and it turned out to be mis-configuration.

To avoid hitting the error, the customers need to enable "guest portal bypass". Customer doesn't want to enable because need AUP page.

Customer using secure SSID with hotspot portal. Need to use a secured SSID, so guests enter their credentials on their device to get onto the SSID, then are redirected to an AUP page before being granted full access. It was all working fine on 1.4 prior upgrading to 2.2

Looking for fix of the bug.

Any help would be appreciated.

Regards

Gagan

paul · ‎04-05-2018

What isn't working in 2.2? There are no guest users in a Hotspot portal. The sole purpose of the hotspot portal is to present AUP.

Gagandeep Singh · ‎04-05-2018

Thanks for the reply.

Setup used to work in 1.4. Since upgrade to 2.2 stopped working.

Try to authenticate with guest credential using dot1x (will fail)

I found a Junked bug

CSCvg89759 Guest user Suspend-Reinstate Allows to bypass Guest portal

tac-repro from bug:

Configure one user type not to have "Allow guest user to bypass portal" (disabled by default)

Login to sponsor portal

Create user of said user type

Try to authenticate with guest credential using dot1x (will fail)

On sponsor portal - suspend and re-instate user.

Authenticate with this user again - will succeed.

Not sure if this bug has been fixed or not in some release. Customer doesn't want to apply the workaround.

Regards

Gagan

Jason Kunst · ‎04-05-2018

I would suggest you work with tac to investigate

hslai · ‎04-10-2018

CSCva84435 is currently not reproducible. If you are able to, please contact the engineering team directly.