ISE web agent not working for guest users

Maher Shaban
Level 1

Hi All,

I'm trying to configure client provisioning and posture assessment for guest users (computers not joined to the domain).

When I try to connect the guest to the network, I found that the guest computer matches with the MAB authentication policy, and then doesn't match with the guest created authorization policy, but matches with the default policy.

No certificates are installed on the guest computer.

My configuration is attached.

Any solution, please?

Regards,

Maher

5 Replies

manjeets
Level 3

Could you try endpoint debugging, a new feature in ISE 1.3, and see if that gives a better DEBUG log(s)? You may access it at ISE live log by right-clicking on the endpoint’s MAC address or go to Operations > Troubleshoot > Diagnostic Tools > General Tools > EndPoint Debug.

andre.ortega
Spotlight

Hi Maher,

Did you solve it? How?

Hi andre,

I tried a workaround, and it's working now using the guest flow.

I created 3 authz policies for the guest (Compliant, non-compliant, and unknown).

The difference between the policies is in the conditions.

For compliant:

Conditions
Session:PostureStatus EQUALS Compliant OR
Network Access:UseCase EQUALS Guest Flow OR
AD01:ExternalGroups EQUALS centamin.local/Builtin/Guests

For non-compliant:

Conditions
Session:PostureStatus EQUALS NonCompliant OR
Network Access:UseCase EQUALS Guest Flow OR
Network Access:WasMachineAuthenticated EQUALS False OR
AD01:ExternalGroups EQUALS centamin.local/Builtin/Guests

For the unknown:

Conditions
Session:PostureStatus EQUALS Unknown AND
Network Access:UseCase EQUALS Guest Flow AND
Network Access:WasMachineAuthenticated EQUALS False AND
AD01:ExternalGroups EQUALS centamin.local/Builtin/Guests

Notice that I configured the guest to also include the domain users whose computers weren't authenticated previously.

Thanks,
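
An added example, not part of the post above and not Cisco ISE code: a simplified Python model that evaluates the three posted condition sets against constructed session attributes, to check which rules a session satisfies and which one would apply. It assumes the rules are evaluated in the order listed with the first match applied; the dictionary keys, the set-based group check, the "Host Lookup" sample value and the sample sessions are assumptions made for illustration.

```python
# Added illustration: simplified model of the posted conditions, not Cisco ISE code.
GUESTS = "centamin.local/Builtin/Guests"

def conds(s, posture, machine_auth_check):
    """Evaluate each condition of one rule against session attributes s."""
    out = [s["PostureStatus"] == posture, s["UseCase"] == "Guest Flow"]
    if machine_auth_check:
        out.append(s["WasMachineAuthenticated"] is False)
    out.append(GUESTS in s["ExternalGroups"])
    return out

# Rules in the order the post lists them (assumed evaluation order).
# any() models the OR-joined conditions, all() the AND-joined ones.
RULES = [
    ("compliant", lambda s: any(conds(s, "Compliant", False))),
    ("non-compliant", lambda s: any(conds(s, "NonCompliant", True))),
    ("unknown", lambda s: all(conds(s, "Unknown", True))),
]

def matching_rules(s):
    """Names of every rule whose conditions the session satisfies."""
    return [name for name, pred in RULES if pred(s)]

def first_match(s):
    """Assumes first-match evaluation; falls through to the default rule."""
    hits = matching_rules(s)
    return hits[0] if hits else "default"

def session(posture, use_case, machine_auth, groups=()):
    return {"PostureStatus": posture, "UseCase": use_case,
            "WasMachineAuthenticated": machine_auth, "ExternalGroups": set(groups)}

# Constructed sample sessions (not taken from the thread).
SESSIONS = {
    "guest, posture unknown": session("Unknown", "Guest Flow", False, [GUESTS]),
    "guest, non-compliant": session("NonCompliant", "Guest Flow", False, [GUESTS]),
    "MAB lookup, machine-authenticated": session("Unknown", "Host Lookup", True),
    "MAB lookup, non-compliant": session("NonCompliant", "Host Lookup", True),
}

if __name__ == "__main__":
    for label, s in SESSIONS.items():
        print(f"{label:36} matches={matching_rules(s)} applied={first_match(s)}")
```

In this model every Guest Flow session satisfies the OR-joined compliant rule regardless of posture status, so rule order decides the result; a session that is neither Guest Flow nor in the Guests group and was machine-authenticated falls through to the default rule.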

ben.posner
Level 1

Did you get this working? I'd like to run something similar.

My config is working now ben.posner.
The problem is that in the newest versions we shouldn't use "guestflow" to identify an authenticated guest user.
How did you configure it?
You might try to use the Guest User Group.

My Guest Authorization rules are attached.