Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1593
Views
5
Helpful
6
Replies

ISE Guest activity reports configuration

fashour
Level 1
Level 1

‎03-18-2013 01:39 PM - edited ‎03-10-2019 08:12 PM

Hi All,

I am trying to obtain guest activity report pertaining to the websites accessed by the guests. I have a standalone ISE deployement (1.1.2) running all personas. I am following the instructions on this document in a way:

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080ac2fda.shtml#asac

I have configured the sysloging on my ASA gateway this way:

logging on

logging list WebLogging message 304001

logging trap WebLogging

logging facility 21

logging host inside <ISE-ip-address> 17/20514

I also configured http inspection:

policy-map global_policy
 class inspection_default
  inspect http
!
service-policy global_policy global

Accounting is configured on the WLC and pointing to the ISE node.

I am using CWA for guest access. This is working as expected. The Sponsor creates the account then the guest logs in successfully using the account created. I only need to have the guest activity reported. So far no luck and the activity report is empty. Any pointers are greatly appreciated.

Fadi

Labels:
0 Helpful
6 Replies 6

Tarik Admani
VIP Alumni
VIP Alumni

‎03-18-2013 04:50 PM

Fadi,

There is a bug in this feature and the bug is related to ISE, please open a TAC case to request the workaround or more information since the bug is not public. Here is the bug you can use to call into tac - CSCud12482

Thanks,

Tarik Admani
*Please rate helpful posts*

fashour
Level 1
Level 1
In response to Tarik Admani

‎03-18-2013 05:02 PM

Tarik,

Thank you for the reply. Do you know any details on the nature of the bug? I noticed through more testing that my issue goes away when I do not do vlan change upon guest authentication. Leaving the vlan, hence the ip address as well, result in positive guest activity reporting. Thanks again.

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to fashour

‎03-18-2013 05:09 PM

HI,

I was not able to get the feature to work at all, just out of curiosity are you running on a wireless controller or wired switch. You may need to see if you are sending interim accounting updates.

However, I do not know what the cause of the defect is and I havent had a chance to revisit this when I hit the problem initially since was in a lab environment.

Tarik Admani
*Please rate helpful posts*

0 Helpful

fashour
Level 1
Level 1
In response to Tarik Admani

‎03-18-2013 06:31 PM

I am using wireless controller. As I said, my issue is resolved when do not change vlan for the clients. Do you have visibility to the bug you mentioned? If you can post the details, it would be tremendous help.

Fadi

0 Helpful

Tarik Admani
VIP Alumni
VIP Alumni
In response to fashour

‎03-18-2013 10:22 PM

Fadi,

I am clueless much like yourself. The bug details were provided to me in a link but the link never worked, therefore I do not have the details of the defect. Due to the amount of time I was unable to follow up with TAC.

Thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

descalante2007
Level 1
Level 1
In response to fashour

‎05-28-2013 10:48 AM

Hi Fashour:

I will began test to generate this kind of reports soon (I need to wait por authorization to get access to ASA and change current config) I have some questions:

Did you configure something in the ISE to enable it as syslog server?

Can it be possible that you paste an image with the report results as a sample? I like to show my company and my customer what kind of reports we should expect ..

Regards.

0 Helpful
Customers Also Viewed These Support Documents