07-03-2017 09:02 PM - last edited on 03-11-2019 12:49 AM by NikolaIvanov
Hi,
I'm wondering if there is information available on how ISE counts guest users as displayed on the homepage under 'Authenticated Guests'.
I'm using a self-registered guest portal, following documentation here :
It seems in my initial testing that when a user successfully logs into the guest portal, the count is incremented.
In order to avoid multiple portal logins if a user disconnects their session, I have a second rule that uses a guest endpoint identity group.
When the user hits this rule, and doesn't login to the web portal, it seems the authenticated guests count is not incremented.
Could someone confirm how the count is expected to work, does it require a web portal login and if so is there is a way to include sessions matching a guest endpoint identity group as well?
Just the count is a little misleading as there are more authenticated guests than presented.
Cheers.
Solved! Go to Solution.
05-27-2021 12:05 PM
During Guest process, if the endpoint is required to go over Guest flow process (portal pop up) this will be count as new Guest authentication and counter will increase, however, based on accounting stop messages previous session should be released to avoid multiple sessions opened for same endpoint.
The reason why you don't see the increase hitting the rule with identity group is because you are not going over Guest flow this time, because your endpoint is already assigned to a group and authentication is not using Guest condition and portal is not displayed.
Make sure accounting is properly configured and you are not having multiple sessions open for same endpoint.
05-27-2021 02:45 AM
/push
I'm have this question too.
in my case we are using external webauth, means the WLC is redirecting clients to the ISE sponsored guest captive portal, where they can login with their credentials, which were previously created from a sponsor.
after authentication was successful, clients have to reconnect to eventually get authenticated via MAB endpoint check.
unfortunately the ISE those not reflect the guest authentication or in other words guest enpoints connected via MAB in the dashboard.
it would be pretty convenient to configure this via policy result, so that i can choose if a session was created by a specific authz rule, it gets marked with "authenticated guest, same goes for "byod" if you simple to peap/mschap für boyds.
05-27-2021 12:05 PM
During Guest process, if the endpoint is required to go over Guest flow process (portal pop up) this will be count as new Guest authentication and counter will increase, however, based on accounting stop messages previous session should be released to avoid multiple sessions opened for same endpoint.
The reason why you don't see the increase hitting the rule with identity group is because you are not going over Guest flow this time, because your endpoint is already assigned to a group and authentication is not using Guest condition and portal is not displayed.
Make sure accounting is properly configured and you are not having multiple sessions open for same endpoint.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide