Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2009
Views
0
Helpful
5
Replies

ISE 2.7 guest flow issue

Go to solution
Jiri Krystynek
Level 1
Level 1

‎12-05-2019 10:05 PM

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jiri Krystynek
Level 1
Level 1

‎12-09-2019 05:01 AM

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

View solution in original post

0 Helpful
5 Replies 5

Go to solution
howon
Cisco Employee
Cisco Employee

‎12-06-2019 04:14 PM

For ISE Central WebAuth, it always has been required to setup Internal Endpoints for the identity source in the policy set. The guest users or any other identity source sequence is defined on the portal it self.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎12-08-2019 09:34 AM

@Jiri Krystynek wrote:

Hi,

I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.

When the MAC arrive from WLC the authentication fails with Process fail. When I set identity source Internal Endpoints it works. Something changed in the 2.7 version or it's a bug?

Thanks,

Jiri

Depends on how you configured it. If you used the defaults policies then it should work. If you created a new auth policy then you will likely need to change it

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

0 Helpful

Go to solution
Jiri Krystynek
Level 1
Level 1
In response to Jason Kunst

‎12-08-2019 01:40 PM

Hi,

 

thank you all for the replies. I'm using ISE guest for several years and version with Guest Users identity sources and everything worked fine. I thought that it's needed for the second authentication (guest account). Probably it works a little different that I thought. Never mind I can change it easily.

But still there's something different in the 2.7. I don't think it should end up with process failed, I would expect that it ends on User not Found.

 

Thanks,

Jiri

0 Helpful

Go to solution
Jiri Krystynek
Level 1
Level 1

‎12-09-2019 05:01 AM

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Jiri Krystynek

‎12-09-2019 08:34 AM

@Jiri Krystynek wrote:

Hi,

 

changing identity source to Internal Endpoints fixed the issue.

Thank you for the help.

 

Jiri

Was it a new policy set or the built-in please?

0 Helpful
Customers Also Viewed These Support Documents