cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1781
Views
0
Helpful
5
Replies

New ISE deployment issues - Aruba WLC <-> ISE guest access

Hi guys!!

We're deploying a new installation of ISE with a guest access for Aruba WLC... in our ISE Live logs we can see MAB connection of user's computer, and match the correct Policy... and Aruba WLC redirect to Guest Portal URL to web authentication... and it works...

Now, In live logs we can't see the association between user and mac address... and we can't see user or mac address in any Identity Group (user or endpoint identity group)... so... how does ISE the association of user authentication to mac address endpoint? and how is possible that we can't see the user id in the user identity group or endpoint in "guestendpoint" endpoint identity group...?


If I manually add the endpoint mac address to the "guestendpoint" endpoint identity group... it works... but it doesn't work automatically.


Is there any debug to check it? Can you recomend me any documentation about it? Any bug?


My ISE version is:


Version:  2.1.0.474
Patch Information:  3


Thanks in advance

Regard

Marcos

1 Accepted Solution

Accepted Solutions

paul
Level 10
Level 10

On the guest portal under Guest Device Registration you should have the box checked to "Automatically register guest devices".  Then under the guest types you have built you should assign them to the Endpoint identity groups you want the guests to automatically register to.  I personally setup my own Endpoint identity groups vs. using the provided RegisteredDevices group.

View solution in original post

5 Replies 5

paul
Level 10
Level 10

On the guest portal under Guest Device Registration you should have the box checked to "Automatically register guest devices".  Then under the guest types you have built you should assign them to the Endpoint identity groups you want the guests to automatically register to.  I personally setup my own Endpoint identity groups vs. using the provided RegisteredDevices group.

Thanks for your response Paul, but this configuration is applied correctly... I hope that it's other error...

Note you will not see a guest user in an identity group. Guest database is separate from the internal database.

How are you setup to work with Aruba? LWA (Aruba portal) or CWA (Aruba redirecting to ISE portal)

Hi Jason,

configuration is CWA, Aruba redirect to ISE portal...

Please contact the TAC for further troubleshooting