cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1148
Views
0
Helpful
4
Replies
Keith Clayton
Beginner

ISE 1.4 Guest Portal URL

Hi,

Currently running ISE 1.4 is there a way to define the guest portal url the guests users are redirected to the IP addresses rather than the URL which is giving certificate errors,  I'm  not seeing any option to set the URL/FQDN within the guest portal

4 REPLIES 4
eric.lessard
Beginner

hello,

look to your authorisation profile right below the Web redirection

you will find: Static IP/Host name/FQDN

hope it helps

I can only get the portal working when using the ip address which gives a certificate warning when I enter the FQDN the client is not able to resolve the name, the client DNS setting is pointing to 8.8.8.8 to reslove public dns google etc.. how do i get the client to resolve to the guest portal name ?

I struggled with the same issue and the only answer I can think of is to have a DNS server in your DMZ with specific entries that the guest network has access to, or use the Static IP/Host name/FQDN. The irritating thing is that it is no longer possible to add an internal IP range to an external certificate, so a private IP address will always show a cert warning for externally cert authorities.

If using MAB and you use the static ISE IP entry and your guest network doesnt have access to the Network that ISE sits on, then (as far as I understand it) the portal will never load as ISE drops you on the guest network and then redirects to the portal.

If you use dot1x then you can use COA to move from a network that has access to ISE for the portal, to the guest network on authentication.

Have you tried to set "ip host" at PSN CLI?

http://d2zmdbbm9feqrf.cloudfront.net/2015/anz/pdf/BRKSEC-3697.pdf

You must use  an alias to a local address

ip host <local addr><local FQDN> <Public FQDN>

ise-psn1/admin(config)# ip host 10.1.91.5 ise-psn1-guest ise-psn1-guest.company.com

Content for Community-Ad