This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC!
We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Hi,
I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.
When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?
Thanks,
Jiri
Solved! Go to Solution.
Hi,
changing identity source to Internal Endpoints fixed the issue.
Thank you for the help.
Jiri
For ISE Central WebAuth, it always has been required to setup Internal Endpoints for the identity source in the policy set. The guest users or any other identity source sequence is defined on the portal it self.
@Jiri Krystynek wrote:
Hi,
I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.
When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?
Thanks,
Jiri
Depends on how you configured it. If you used the defaults policies then it should work. If you created a new auth policy then you will likely need to change it
Hi,
thank you all for the replies. I'm using ISE guest for several years and version with Guest Users identity sources and everything worked fine. I thought that it's needed for the second authentication (guest account). Probably it works a little different that I thought. Never mind I can change it easily.
But still there's something different in the 2.7. I don't think it should end up with process failed, I would expect that it ends on User not Found.
Thanks,
Jiri
Hi,
changing identity source to Internal Endpoints fixed the issue.
Thank you for the help.
Jiri
@Jiri Krystynek wrote:
Hi,
changing identity source to Internal Endpoints fixed the issue.
Thank you for the help.
Jiri
Was it a new policy set or the built-in please?