Cisco Community
English
Register
The War in Ukraine - Supporting customers, partners and communities. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

1133
Views
0
Helpful
5
Replies
Jiri Krystynek
Beginner
Beginner
‎12-05-2019 10:05 PM
‎12-05-2019 10:05 PM

ISE 2.7 guest flow issue

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri

0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Jiri Krystynek
Beginner
Beginner
‎12-09-2019 05:01 AM
‎12-09-2019 05:01 AM

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

View solution in original post

0 Helpful
5 REPLIES 5
howon
Cisco Employee
Cisco Employee
‎12-06-2019 04:14 PM
‎12-06-2019 04:14 PM

For ISE Central WebAuth, it always has been required to setup Internal Endpoints for the identity source in the policy set. The guest users or any other identity source sequence is defined on the portal it self.

0 Helpful
Jason Kunst
Cisco Employee
Cisco Employee
‎12-08-2019 09:34 AM
‎12-08-2019 09:34 AM

@Jiri Krystynek wrote:

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri

Depends on how you configured it. If you used the defaults policies then it should work. If you created a new auth policy then you will likely need to change it

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

0 Helpful
Jiri Krystynek
Beginner
Beginner
In response to Jason Kunst
‎12-08-2019 01:40 PM
‎12-08-2019 01:40 PM

Hi,

 

thank you all for the replies. I'm using ISE guest for several years and version with Guest Users identity sources and everything worked fine. I thought that it's needed for the second authentication (guest account). Probably it works a little different that I thought. Never mind I can change it easily.

But still there's something different in the 2.7. I don't think it should end up with process failed, I would expect that it ends on User not Found.

 

Thanks,

Jiri

0 Helpful
Jiri Krystynek
Beginner
Beginner
‎12-09-2019 05:01 AM
‎12-09-2019 05:01 AM

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

0 Helpful
Jason Kunst
Cisco Employee
Cisco Employee
In response to Jiri Krystynek
‎12-09-2019 08:34 AM
‎12-09-2019 08:34 AM

@Jiri Krystynek wrote:

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

Was it a new policy set or the built-in please?

0 Helpful
Latest Contents
Cisco ISE Integration With F5 BIG-IP LTM Load Balancer for G...
Created by Meddane on 05-15-2022 02:24 AM
0
0
0
0
I shared with you this detailed document I created with 27 pages about Cisco ISE Integration With F5 BIG-IP Locar Traffic Manager LTM Load Balancer for Guest Acces.   The method used for Guest Access is the Self-Registration. Healt Monitor using HTTP... view more
Cisco ASA 9.714 version SNMP not working in EVE-NG LAB Envir...
Created by waqas.muhammad49 on 05-10-2022 06:56 AM
0
0
0
0
I created an IPSEC Site to site Tunnel between two ASA Firewalls in EVE-NG topology and i want to plot the IPSEC Site to Site VPN graph on PRTG ? The SNMP Walk command is not getting any output . As the firewall is making SNMP inbound connections with the... view more
ISE Integration with Eduroam External Server
Created by deepuvarghese1 on 05-09-2022 08:31 PM
3
20
3
20
The purpose of this document is to demonstrate how ISE can integrate with an eduroam external server which is a WI-Fi roaming service that provides international access to devices in education, research, and higher education. Students, teachers, and resea... view more
SSL Decryption with Decrypt-Resign On Cisco FTD In-depth lec...
Created by Meddane on 05-05-2022 04:44 AM
0
0
0
0
On Cisco Firepower Threat Defense there are two ways to do SSL Decryption (two actions in the SSL Policy).Decrypt-Resign: for outbound connection (from an inside PC to an external server).Decrypt-Known-Key: for inbound connection (from an external PC to y... view more
Stop ransomware and zero-day threats with Cisco Secure Endpo...
Created by Sohaib Ahmed on 04-26-2022 05:24 PM
0
5
0
5
Cisco Secure Endpoint offers several protection engines which fight against threats like ransomware and zero-day. Are you an admin looking for protection on a short to mid-term basis or beginning to roll out protection across your organisation? The best p... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube