Cisco Community
English
Register
We're here for you! LEARN about free offerings and business continuity best practices during the COVID-19 pandemic
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

246
Views
0
Helpful
5
Replies
Jiri Krystynek
Jiri Krystynek Beginner
Beginner
‎12-05-2019 10:05 PM
‎12-05-2019 10:05 PM

ISE 2.7 guest flow issue

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri

Everyone's tags (4)
0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Jiri Krystynek
Jiri Krystynek Beginner
Beginner
‎12-09-2019 05:01 AM
‎12-09-2019 05:01 AM

Re: ISE 2.7 guest flow issue

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

View solution in original post

0 Helpful
Reply
5 REPLIES 5
Highlighted
howon
howon Cisco Employee
Cisco Employee
‎12-06-2019 04:14 PM
‎12-06-2019 04:14 PM

Re: ISE 2.7 guest flow issue

For ISE Central WebAuth, it always has been required to setup Internal Endpoints for the identity source in the policy set. The guest users or any other identity source sequence is defined on the portal it self.

0 Helpful
Reply
Highlighted
Jason Kunst
Jason Kunst Cisco Employee
Cisco Employee
‎12-08-2019 09:34 AM
‎12-08-2019 09:34 AM

Re: ISE 2.7 guest flow issue

@Jiri Krystynek wrote:

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri

Depends on how you configured it. If you used the defaults policies then it should work. If you created a new auth policy then you will likely need to change it

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

0 Helpful
Reply
Highlighted
Jiri Krystynek
Jiri Krystynek Beginner
Beginner
‎12-08-2019 01:40 PM
‎12-08-2019 01:40 PM

Re: ISE 2.7 guest flow issue

Hi,

 

thank you all for the replies. I'm using ISE guest for several years and version with Guest Users identity sources and everything worked fine. I thought that it's needed for the second authentication (guest account). Probably it works a little different that I thought. Never mind I can change it easily.

But still there's something different in the 2.7. I don't think it should end up with process failed, I would expect that it ends on User not Found.

 

Thanks,

Jiri

0 Helpful
Reply
Highlighted
Jiri Krystynek
Jiri Krystynek Beginner
Beginner
‎12-09-2019 05:01 AM
‎12-09-2019 05:01 AM

Re: ISE 2.7 guest flow issue

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

View solution in original post

0 Helpful
Reply
Highlighted
Jason Kunst
Jason Kunst Cisco Employee
Cisco Employee
‎12-09-2019 08:34 AM
‎12-09-2019 08:34 AM

Re: ISE 2.7 guest flow issue

@Jiri Krystynek wrote:

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

Was it a new policy set or the built-in please?

0 Helpful
Reply
Latest Contents
FMT (Firepower Migration Tool) support for PAN (Palo Alto Ne...
Created by Aditya Ganjoo on 04-09-2020 10:28 PM
1
20
1
20
Hello All,   It gives me great pleasure to announce that FMT 2.1 supports the migration of the Palo Alto firewall to FTD.   Tool flawlessly migrates the following component of PA configuration Interfaces Zones Network Object and Groups Service... view more
ASA S2S VPN Firewall Creation
Created by suchit.s@hcl.com on 04-09-2020 08:59 PM
0
0
0
0
Hi All, I was building VPN firewall using two Cisco ASA 5516 boxes. I want to use single ISP shared between both ASA. I've chosen two Public IPs and configured on ASA units. I've picked another IP for VPN Load-Balancing. Does this support for S2... view more
AnyConnect VPN Migration from ASA 5505 to ASA 5506-x with Se...
Created by Evanjrosado on 04-09-2020 01:59 PM
0
0
0
0
Hi Everyone,  hoping that someone can help me out. I just migrated my AnyConnect VPN configuration from a 5505 to 5506x FW. The configuration looks fine after checking but when client try connected to the below group-url they say that they get a... view more
AnyConnect Syslog Configuration Example
Created by pcarco on 04-07-2020 10:54 AM
0
5
0
5
This article is intended to be a simple example of configuring AnyConnect relevant syslog messages to be sent from the ASA to a Syslog server.  The syslog server in this example is Spunk but almost any syslog server should be do the job.   The ... view more
NGFW Sprint 2020 Release is Here!
Created by suhegade on 04-07-2020 02:48 AM
0
0
0
0
NGFW Spring 2020 Releases   It’s official! FTD 6.6, ASA 9.14.1, and FXOS 2.8 have been released. We want to thank the hundreds of team members for the tens of thousands of man-hours dedicated to driving this critical release over the finish line. 120... view more
CreatePlease to create content
Discussion
Blog
Document
Video
Content for Community-Ad
Spotlight Awards- February 2020

Follow our Social Media Channels