Solved: Multiple different guest portals for same fqdn and port

Madura Malwatte · ‎04-22-2021

This may be a basic question, but is it possible to have different versions of say self-register guest portal to be presented for different authorization policies .i.e ssid-1 -present version1 of guest portal, ssid-2 present version2 of guest portal, using the same guest portal fqdn and port?

I have two similar self-register portals and I reference each on in a different authz policy, and depending on which ssid user hits they will receive the redirect for that particular portal even though the ip/port is the same. This should be possible right?

Example:

portal version 1 -

redirect=https://guest.company.com:8443/portal/gateway?sessionId=SessionIdValue&portal=6175f400-773d-11e7-b011-a46c2a9f8296&daysToExpiry=value&action=cwa

portal version 2 -

redirect=https://guest.company.com:8443/portal/gateway?sessionId=SessionIdValue&portal=56672702-0278-11e5-a287-a46c2a9f8296&daysToExpiry=value&action=cwa

Greg Gibbs · ‎04-22-2021

Yes, ISE can serve multiple portals from the same ip:port on the PSNs. You would just need to ensure that your Policy Set(s) and/or AuthZ Policy are built in a way to differentiate between the two SSIDs. A common method used to do this is using the Called Station ID VSA from the WLC as per the example in the folllowing post.

https://community.cisco.com/t5/network-access-control/aaa/td-p/4086034

View solution in original post

Greg Gibbs · ‎04-22-2021

Yes, ISE can serve multiple portals from the same ip:port on the PSNs. You would just need to ensure that your Policy Set(s) and/or AuthZ Policy are built in a way to differentiate between the two SSIDs. A common method used to do this is using the Called Station ID VSA from the WLC as per the example in the folllowing post.

https://community.cisco.com/t5/network-access-control/aaa/td-p/4086034

Madura Malwatte · ‎04-23-2021

Hi Greg, thanks for the response. This is what I thought. Will test and see how it goes.