07-02-2022 10:16 AM
I’m running into an issue with some windows 10 clients.
After the clients register in the Guest portal, and a successful logon page appears, instead of getting directed to the internet the clients are getting re-directed back to register.
If the clients go through the registration process a second time, then everything works properly.
Also, if instead of registering a second time the client is disconnected and reconnected to the Guest wifi the internet connection works without having to register that second time.
I’ve tested with android, ipad, iphone, and Mac OS and have no such issue. Also some windows 10 clients work without a problem.
Any ideas, or suggestions?
My environment:
ISE 3.1.0.135 Patch 3.
6 nodes (1 PAN, 1 SAN, and 4 PSNs).
Using a wildcard certificate for the guest portal.
And I’m using some customization to hide the username and password fields, as explain on this link https://community.cisco.com/t5/network-access-control/re-ise-guest-portal-customization-assistance/m-p/3919698#U3919698
07-03-2022 01:43 PM
Hard to say. Ad blockers, plug-ins that could be interfering? Or is there a pattern based on the browser(s) used?
07-05-2022 06:15 AM
07-05-2022 06:28 AM
To me it seems a bugy behaviour. I would try to change the post registration redirect settings to something else, save, and then back to the original URL.
07-05-2022 11:05 PM
Also, I'm sure it is just a typo but you should have ISE 3.1.0.518, not 3.1.0.135.
If you do have build .135, you have a real problem. 8-)
07-06-2022 05:57 AM
Thomas, yes my mistake, the version is 3.1.0.518.
@Aref Alsouqi , I've tried changing those settings as well, but no luck.
It is really an odd issue. In my opinion ISE is working, as other devices are able to go through the registration process and work fine.
I even reset/re-install Windows in a particular client to ensure there were no GPOs or any sort of company policy doing something weird, and also updated the NIC drivers, but it didn't help either.
07-06-2022 06:16 AM
Could it be due to some latency between the network device and ISE? maybe the CoA traffic is not delivered in time?
07-08-2022 02:57 PM
Have you checked that these endpoints are using randomized MAC addresses? IF the endpoint uses a new MAC address when the Change of Authorization happens then ISE may not know that it's the one that just registered (old MAC address) so it applies the redirect Authorization Profile again.
You didn't include any ISE Live Logs to see these details so it's difficult to troubleshoot beyond speculation.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide