cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
627
Views
0
Helpful
5
Replies

Register Guest devices without using a portal?

Josh Morris
Level 3
Level 3

I currently have a hotspot portal for guests with an AUP. I am considering getting rid of the AUP. I still want guest endpoints to be registered to the GuestEndpoints group, however, so I can purge them daily. How can I get guest endpoints to get registered to the group without providing a portal? I have tried using a hotspot portal without the AUP page, but you still get a 'Success' page, which would break devices that don't have the ability to access the portal page. 

2 Accepted Solutions

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee
I am not sure I follow what the purpose is. Also I don’t think there’s anyway to get that to work. Can you please explain more why you need this and why you couldn’t just sit up straight open network

View solution in original post

Sorry there isn’t a way to not present a portal page and have some browser interaction that I know of. Not really a purview of Ise guest. It’s the whole function of the portal to place into that group guestendpoints.


It would sound simpler for you to just have an open ssid without using ise? Perhaps using prime to track?

I don’t get the reference to employee database. There is no tie in and it had no relevance

View solution in original post

5 Replies 5

Jason Kunst
Cisco Employee
Cisco Employee
I am not sure I follow what the purpose is. Also I don’t think there’s anyway to get that to work. Can you please explain more why you need this and why you couldn’t just sit up straight open network

Because I want to keep the guest devices purged every day. As far as I know, the only way to purge guest devices is to have them hit a portal, where they will be automatically registered to the GuestEndpoints group. Then I can set a purge rule against that group to remove them everyday. It's all in an effort to keep Guest usability high while keeping the number of registered endpoints low. 

I still don’t understand. The only thing that purging does is remove from that group. They are still going to be in the employee database until it’s full Which is up to 1.5 million endpoints. And you didn’t provide enough information on why this is important. The guests system is meant to supply pages to the end point and it’s not meant for dumb devices that don’t have browsers. You can always do some sort of basic profiling and put them into groups that way.

Or use the my devices portal to have the users manage devices themselves


So I had an issue where my endpoint database had exceeded 70,000 endpoints when realistically, I had closer to 30,000. What I found was happening was that there were many guest endpoints hitting the guest portal, but not accepting or declining the EULA. So that endpoint never actually made it into the GuestEndpoints group. They just sat there and we'rent being purged by my GuestEndpoint purge rule or any other purge rules. So the endpoint count kept growing. I have fixed this issue by writing a custom script that eliminates those endpoints stuck in limbo. 

 

As a hospital that prioritizes the guest experience, I want to meet the following goals with my guest network.

  • All endpoints come through ISE
  • Users are not presented with a portal page, but are automatically allowed on
  • All device types are given access without needing custom profiling rules (Amazon Echos, gaming systems, weird devices that don't profile well)
  • These devices can utilize the GuestEndpoint group (or something similar) to be purged regularly.

Regarding what you said about the employee database, that is something I'm not familiar with. I thought the endpoint database was the one stop for endpoint retention. If there is another database for endpoints, then I would like to find a way to see it. 

 

Thanks for these questions. 

Sorry there isn’t a way to not present a portal page and have some browser interaction that I know of. Not really a purview of Ise guest. It’s the whole function of the portal to place into that group guestendpoints.


It would sound simpler for you to just have an open ssid without using ise? Perhaps using prime to track?

I don’t get the reference to employee database. There is no tie in and it had no relevance