01-26-2018
09:36 AM
- last edited on
02-21-2020
11:41 PM
by
cc_security_adm
Is it possible to for an endpoint to be in multiple identity groups. Here is the reason I ask:
My client only wants to allow certain types of devices to connect to their guest wireless. However, they don't want to have users enter any sort of creds (this is a retirement facility). So, I figured the best portal in ISE would be the hotspot which is configured to put users in the GuestEndpoints ID group. The way ISE is configured now, the endpoints are stuck in a redirect loop. I have attached the authZ policy that is causing the problem. If I remove the GuestEndpoints ID group from the first rule, then devices like Windows 10 get internet access without being redirected first since they profile differently than an Android/IOS device that uses the HTTP probe.
If that isn't possible, is it possible for a Logical Endpoint Identity group to be part of the Endpoint Identity Groups (i.e. Profiled, Blacklist, etc). Then I could add that to the hotspot portal.
Let me know if you need further information.
TIA,
Dan
01-26-2018 12:54 PM
Hi,
I think you figured out the answer yourself.
You're in a loop just because the condition above the hotspot rule is not matching.
It's not clear from the description you've provided why it's wrong to simply allow anyone to use the hotspot functionality in order to gain internet access. Do you want it only for Android and Apple IOS?
Thanks,
Octavian
01-26-2018 12:58 PM
Thanks for the reply.
The goal is to only allow certain devices like laptops, tablets, phone, etc, but no streaming/gaming/printer devices. The way the authz policy is configured, is that all devices can connect to the hotspot splash page. However, after they click accept and go back through the authz policy, they only want the allowed devices to be able to connect. Maybe this is easier with a blacklist? I don't know....I've never setup a guest wireless network with these restrictions.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide