Hotspot portal not assigning endpoints to identity group

Omi+ · ‎09-03-2025

Hi, We have hotspot portal (created using ISE portal builder) in ISE 3.3, guest user successfully authenticates and receives AUP page but after accepting AUP , mac address is not getting added to right endpoint identity group. Because of that it is not hitting the Authz rule that matches with that identity group and guest users get stuck in the guest redirection loop.

Sometimes, endpoints gets added to the identity group after AUP acceptance and everything works and sometimes not.Issue is intermittent.

MHM Cisco World · ‎09-03-2025

can I see ISE policy ?

MHM

Omi+ · ‎09-03-2025

If wireless_mab and guestendpoint then permit access ---1st Authz policy

If wireless_mab then redirect ---2nd Authz policy

MHM Cisco World · ‎09-03-2025

All user or some have this issue ?

These user with issue are it wifi android user?

MHM

Omi+ · ‎09-03-2025

If issue appears then it is for all users who are hitting on that PSN node. android, iPhone, windows machines

poongarg · ‎09-07-2025

If the issue is with specific PSN node, then I would suggest to perform a manual sync of that PSN with PAN node.

Omi+ · ‎09-08-2025

it is not specific to any PSN. we have 3 PSN nodes, all of them are having this issue.

MHM Cisco World · ‎09-08-2025

You use some type of load balance?

Try make WLC for specific ssid use one PSN and check.

It can the user hotspot to one PSN and then use different PSN for re-auth

MHM

Aref Alsouqi · ‎09-09-2025

I would recommend working with TAC on this as it could potentially be an issue with ISE database. In the meantime you could try to create a new authorization rule and use the "Guest_Flow" condition and see if that makes any difference.