Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
2
Helpful
4
Replies

ISE Sponsor portal guest mac not getting add into GuestEndpoints

Devendran Raju
Level 1
Level 1

‎12-13-2024 05:40 AM - edited ‎12-13-2024 05:41 AM

We are using ISE 3.2 patch 7. We are encountering guest access issue for random users on our ISE sponsor portal based guest SSID. User device mac address is not getting added into GuestEndpoints while guest logging in with the guest credentials. After the COA from ISE, guest users are not matching the guest allow policy. it is skipping this policy as endpoint mac address is not in the GuestEndpoints and hitting the redirection policy again.

This issue occurs only for random users and not all the users.

When we remove the endpoint mac address from Context Visibility and test, its start working

We have 2 authorization policies,
1. If Endpoint Identity Group:GuestEndpoints ==> Allow
2. If MAB and from guest SSID ==> Redirect to Sponsor Portal URL

Let us know if anyone faced such issues and possible solution to fix this issue.

4 Replies 4

MHM Cisco World
VIP
VIP

‎12-13-2024 06:11 AM

authz 1 (after sponsor) must include 
1-wirless MAB
2- GuestEndpoints

authz 2 (before sponsor) 
1- wireless MAB 
2- optional you can match SSID 

MHM

0 Helpful

Devendran Raju
Level 1
Level 1
In response to MHM Cisco World

‎12-17-2024 05:46 AM

Hi @MHM Cisco World

Thanks for your response. 

 

We are currently having the authz policy likewise only. The thing is some users are getting added into GuestEndpoit group as expected, some of them are not. If we remove the endpoint Mac address from Context Visibility and try, user Mac address is getting added into GuestEndpoit group now. 

 

Devendran Raju

0 Helpful

MHM Cisco World
VIP
VIP
In response to Devendran Raju

‎12-17-2024 06:09 AM

are there any MAB (not guest) policy above this policy?

MHM

0 Helpful

Aref Alsouqi
VIP
VIP

‎12-17-2024 06:12 AM

I would try to create a new endpoints group, associate it to the guest portal and see if that helps. If the issue should persist with the new endpoints group I would try to reset the MnT database. If this doesn't help neither I would raise it with TAC. To reset the MnT database you can issue the command "application configure ise" and select the fourth option if I remember correctly, it should be called reset MnT database or similar.

0 Helpful
Customers Also Viewed These Support Documents