
ISE guest portal FQDN

Is it possible to create a guest portal FQDN?

I will try to explain.

Requirements:

1) The WiFi network must be secured with L2 security (WPA2-Enterprise, PEAP), not L3 or Web redirection.

2) WiFi users must use a separate External Authority (AD or LDAP, not enterprise and not ISE local).

3) There is no need to manage personal devices.

4) WiFi users must have the ability to change their password from an intranet portal which can be accessed with an FQDN.

 

There is no problem with req 1-3, but there seems to be no chance to create a portal only for changing a user's password. These requirements are linked with the issue "mobile devices do not provide the ability to change the password" if ISE sends a request to change it (tested on iPhone, Android and Windows Mobile with Active Directory).

 

1 ACCEPTED SOLUTION


Hi Sefedoro,

ISE 1.3 does support FQDN use with Guest portals. This can be defined in the Authorization profile that specifies the CWA portal. However, this Guest Portal FQDN can only be accessed by clients with sessions active in the guest flow process. Also, password change via the Guest portal is supported for internal ISE Guest accounts and not AD accounts. Once network connectivity is established by a Windows client via WPA2-Enterprise, a user can change their password via the Ctrl-Alt-Delete -> Change Password option. If you are using User Authentication or User or Computer Authentication in the supplicant, I would test this process on a couple of different Windows builds. The OS and supplicant should automatically pick up the password change. If you use an intranet portal intermediary, the user will have to log off and back on to the laptop with the new credentials. Using Machine (computer only) authentication will avoid these issues.
