ISE URL Redirect Mechanism and Auth VLAN

KelvinT
Level 1

Hello,

 

Has anyone successfully implemented this?

 

URL Redirect Mechanism and Auth VLAN

When a third-party device is used in the network and the device does not support dynamic or static URL redirect, Cisco ISE simulates the URL redirect flow. The URL redirect simulation flow for such devices is operated by running a DHCP or DNS service on Cisco ISE.

The following is an example of an Auth VLAN flow:

  1. A guest endpoint connects to the NAD.

  2. The network device sends the RADIUS or MAB request to Cisco ISE.

  3. Cisco ISE runs the configured authentication and authorization policy and stores the user accounting information.

  4. Cisco ISE sends the RADIUS access accept message that contains the Auth VLAN ID.

  5. The guest endpoint receives network access.

  6. The endpoint broadcasts a DHCP request, and obtains a client IP address and the Cisco ISE DNS sinkhole IP address from the Cisco ISE DHCP service.

  7. The guest endpoint opens a browser that sends a DNS query and receives the Cisco ISE IP address.

  8. The endpoint HTTP and HTTPS requests are directed to Cisco ISE.

  9. Cisco ISE responds with an HTTP 301 Moved message with a guest portal URL. The endpoint browser redirects to the guest portal window.

  10. The guest endpoint user logs in for authentication.

  11. Cisco ISE validates endpoint compliance and then responds to the NAD. Cisco ISE sends the CoA, authorizes the endpoint, and bypasses the sinkhole.

  12. The guest user receives the appropriate access based on the CoA, and the endpoint receives an IP address from an enterprise DHCP. The guest user can now use the network.

 

https://www.cisco.com/c/en/us/td/docs/security/ise/3-0/admin_guide/b_ISE_admin_3_0/b_ISE_admin_30_secure_wired_access.html#concept_CDD87F6FE3A54351B27FF35316A23DA3
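
A check a tester could run against what a test endpoint observes, to tell which stage of the Auth VLAN flow quoted above it is in; this is an added example, not part of the original post or of Cisco's documentation. The addresses, the portal hostname and the `Observation` and `classify` names are constructed assumptions.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed values (documentation address ranges), not from the post.
SINKHOLE_DNS = "192.0.2.53"          # DNS server handed out by the ISE DHCP service
ISE_IP = "192.0.2.10"                # address every name resolves to while sinkholed
PORTAL_HOST = "guest.example.test"   # host part of the guest portal URL

@dataclass
class Observation:
    """What a test endpoint sees; each field is collected by the tester."""
    dns_server: str    # DNS server in the DHCP lease (step 6)
    dns_answers: dict  # name queried -> address returned (step 7)
    http_status: int   # status of a plain-HTTP probe (steps 8-9)
    location: str      # Location header of that response, "" if absent

def classify(obs, sinkhole_dns=SINKHOLE_DNS, ise_ip=ISE_IP, portal=PORTAL_HOST):
    """Map an observation onto the stage of the Auth VLAN flow it matches."""
    ise_lease = obs.dns_server == sinkhole_dns
    answers = set(obs.dns_answers.values())
    sinkholed = bool(answers) and answers == {ise_ip}
    redirected = (obs.http_status == 301
                  and urlsplit(obs.location).hostname == portal)
    if ise_lease and sinkholed and redirected:
        return "auth-vlan: sinkhole and portal redirect working (steps 6-9)"
    if ise_lease and sinkholed:
        return "auth-vlan: sinkholed but no 301 to the guest portal (step 9)"
    if ise_lease:
        return "auth-vlan: ISE lease but names are not all sinkholed (step 7)"
    if ise_ip in answers or redirected:
        return "inconsistent: other DNS server but sinkhole behaviour still seen"
    return "post-coa: enterprise DHCP and normal resolution (step 12)"

# Constructed sample observations.
SAMPLES = {
    "before login": Observation(SINKHOLE_DNS,
        {"example.com": ISE_IP, "example.org": ISE_IP},
        301, "https://guest.example.test:8443/portal"),
    "redirect broken": Observation(SINKHOLE_DNS,
        {"example.com": ISE_IP, "example.org": ISE_IP}, 200, ""),
    "after CoA": Observation("198.51.100.53",
        {"example.com": "203.0.113.7", "example.org": "203.0.113.8"}, 200, ""),
}

if __name__ == "__main__":
    for name, obs in SAMPLES.items():
        print(f"{name:16} -> {classify(obs)}")
```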

 
