Solved: Re: ISE Central Web Authentication

the.prince.of.nyinyizin · ‎07-31-2017

hi all,

now I faced this issue

-First I login to SSID and then redirect to ISE guess portal.

-login with ISE local account and successful authentication.

-After that, I tried to use internet browsing and then Redirect again and again to ISE guess portal.

Please Check My ISE Authorization Rule as follow.

Thanks You

tertang@cisco.com · ‎07-31-2017

there's no match on your "wireless guess" authz policy after a successful web-auth that's why you get stuck in a authz loop.

take a look at your guest portal configurations>>guest type.

your "wireless guess" policy is matching on " "GuestEndpoints", so you need to make sure you assign the guest device to GuestEndpoints in Guest Types.

View solution in original post

tertang@cisco.com · ‎07-31-2017

there's no match on your "wireless guess" authz policy after a successful web-auth that's why you get stuck in a authz loop.

take a look at your guest portal configurations>>guest type.

your "wireless guess" policy is matching on " "GuestEndpoints", so you need to make sure you assign the guest device to GuestEndpoints in Guest Types.

ldanny · ‎07-31-2017

Hi Nyi,

Its hard for me to say as I dont know how you setup your authz profile

Basically you should have 2 rules , the second one being the redirect and the first to permit access .

The second rule is the first rule to be hit ( match the re-direction ) once user logins he is sent a CoA for re-authentication and will hit the first rule which permits the access.

Check this guide to verify your setup.

How To: ISE Guest & Web-Authentication Design Guide

Danny