Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1051
Views
0
Helpful
7
Replies

ISE portal redirection for some clients

GFernandez07
Level 1
Level 1

‎07-02-2022 10:16 AM

I’m running into an issue with some windows 10 clients.

After the clients register in the Guest portal, and a successful logon page appears, instead of getting directed to the internet the clients are getting re-directed back to register.

If the clients go through the registration process a second time, then everything works properly.

Also, if instead of registering a second time the client is disconnected and reconnected to the Guest wifi the internet connection works without having to register that second time.

I’ve tested with android, ipad, iphone, and Mac OS and have no such issue. Also some windows 10 clients work without a problem.

Any ideas, or suggestions?

 

My environment:

ISE 3.1.0.135 Patch 3. 

6 nodes (1 PAN, 1 SAN, and 4 PSNs).

Using a wildcard certificate for the guest portal.

And I’m using some customization to hide the username and password fields, as explain on this link https://community.cisco.com/t5/network-access-control/re-ise-guest-portal-customization-assistance/m-p/3919698#U3919698

 

0 Helpful
7 Replies 7

Arne Bier
VIP
VIP

‎07-03-2022 01:43 PM

Hard to say.  Ad blockers, plug-ins that could be interfering? Or is there a pattern based on the browser(s) used?

 

0 Helpful

GFernandez07
Level 1
Level 1
In response to Arne Bier

‎07-05-2022 06:15 AM

Thank you for the response.
I've tried different browsers (Chrome, Edge and Firefox) with the same result.
0 Helpful

Aref Alsouqi
VIP
VIP

‎07-05-2022 06:28 AM

To me it seems a bugy behaviour. I would try to change the post registration redirect settings to something else, save, and then back to the original URL.

0 Helpful

thomas
Cisco Employee
Cisco Employee

‎07-05-2022 11:05 PM

Also, I'm sure it is just a typo but you should have ISE 3.1.0.518, not 3.1.0.135.

If you do have build .135, you have a real problem.  8-)

0 Helpful

GFernandez07
Level 1
Level 1
In response to thomas

‎07-06-2022 05:57 AM

Thomas, yes my mistake, the version is 3.1.0.518.

@Aref Alsouqi , I've tried changing those settings as well, but no luck.

It is really an odd issue. In my opinion ISE is working, as other devices are able to go through the registration process and work fine.

I even reset/re-install Windows in a particular client to ensure there were no GPOs or any sort of company policy doing something weird, and also updated the NIC drivers,  but it didn't help either. 

 

 

0 Helpful

Aref Alsouqi
VIP
VIP
In response to GFernandez07

‎07-06-2022 06:16 AM

Could it be due to some latency between the network device and ISE? maybe the CoA traffic is not delivered in time?

0 Helpful

thomas
Cisco Employee
Cisco Employee

‎07-08-2022 02:57 PM

Have you checked that these endpoints are using randomized MAC addresses?  IF the endpoint uses a new MAC address when the Change of Authorization happens then ISE may not know that it's the one that just registered (old MAC address) so it applies the redirect Authorization Profile again.

You didn't include any ISE Live Logs to see these details so it's difficult to troubleshoot beyond speculation.

0 Helpful
Customers Also Viewed These Support Documents