02-26-2017 06:55 AM
Hi Guys,
On a previous post I had a question about Wired Guest Flow scenario that required a VLAN switch and an IP renew on the new VLAN.
Jason Kunst had recommended many solutions to resolve the issue my customer was experiencing.
Now my customer wants to look at applying the below solution for the VLAN switch / DHCP IP renew scenario.
Jason: "Have the user log in with CWA and then register the endpoints by redirecting to a hotspot portal that will disconnect them after registration and cause a new connection on the new VLAN coming through"
Unfortunately I am not sure exactly how to configure the above flow recommended by Jason. Please see attached screenshot of what I currently have. How do I introduce the Hotspot Portal to this Policy along with CWA?
Thanks in advance
Nadeem Khan
02-27-2017 06:53 AM
Not exactly sure of the needed flow and types of users.
Recommended disabling auto registration on the credentialed portal you are using.
Yes, inject a rule between the initial redirect and then the final permission off endpoint group with the following:
Create a guest type called VLANCHANGE and use for self-reg.
Create an endpoint group VLANCHANGE.
If Guest_flow and guest_type VLANCHANGE equals X then redirect to hotspot portal that registers into endpoint group VLANCHANGE. Make sure Hotspot Portal is set to terminate, not re-auth (ISE 2.1 patch 1 and higher).
The flow would be like this:
1. User redirected to credentialed portal
2. After login, COA takes place and the user is redirected to hotspot portal for device registration
3. After registration COA disconnect is sent
4. device comes back in using endpoint group authorization in new VLAN
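
Added example, not part of the reply above and not ISE configuration: a small Python model of the four-step flow, showing the rule order (endpoint-group permit on top, the injected VLANCHANGE rule in the middle, the initial redirect last) under first-match evaluation. Rule names, result strings and the VLAN label are hypothetical, and the model assumes that only a new connection triggers a DHCP renew, which is why the hotspot portal is set to terminate rather than re-auth.

```python
# Toy model of the flow above: first-match authorization rules plus CoA handling.
# Rule names, result strings and VLAN labels are hypothetical, not ISE objects.
from dataclasses import dataclass

@dataclass
class Session:
    mac: str
    endpoint_group: str = "Unknown"
    guest_flow: bool = False      # set once the user has logged in on the CWA portal
    guest_type: str = ""
    vlan: str = "ONBOARD"
    new_connection: bool = True   # assumption: a fresh connection triggers DHCP

# Ordered top-down; the first matching rule wins.
RULES = [
    ("Registered-VLANCHANGE", lambda s: s.endpoint_group == "VLANCHANGE",
     "permit:GUEST-VLAN"),
    ("Guest-Needs-Registration",
     lambda s: s.guest_flow and s.guest_type == "VLANCHANGE", "redirect:hotspot"),
    ("Initial-Redirect", lambda s: True, "redirect:cwa"),
]

def authorize(s):
    """Return (rule name, result) of the first rule whose condition matches."""
    return next((name, result) for name, cond, result in RULES if cond(s))

def run_flow(hotspot_coa="terminate"):
    s = Session(mac="00:11:22:33:44:55")   # constructed sample endpoint
    trace = [authorize(s)[1]]              # step 1: redirect to credentialed portal
    s.guest_flow, s.guest_type = True, "VLANCHANGE"
    s.new_connection = False               # CoA after login keeps the same connection
    trace.append(authorize(s)[1])          # step 2: redirect to hotspot portal
    s.endpoint_group = "VLANCHANGE"        # hotspot portal registers the device
    if hotspot_coa == "terminate":         # step 3: CoA disconnect, new session follows
        s = Session(mac=s.mac, endpoint_group=s.endpoint_group)
    result = authorize(s)[1]               # step 4: endpoint-group rule now matches
    trace.append(result)
    s.vlan = result.split(":")[1]
    return trace, s.vlan, s.new_connection  # last value: did the client renew DHCP?

if __name__ == "__main__":
    print(run_flow("terminate"))
    print(run_flow("reauth"))
```

With `reauth` the model still lands on the endpoint-group rule, but on the existing connection, so the client is moved to the new VLAN without asking for a new address.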