Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4092
Views
0
Helpful
3
Replies

SSID usage in ISE policy in sponsor portal

Go to solution
michelbijnsdorp
Level 1
Level 1

‎06-30-2016 05:07 AM

Hi,

In the default sponsor portal view there is a SSID: option which can be filled for the configured SSID.

Based on which a sponsor portal user select for this SSID fields allows the user to be connected to.

In the ISE policy options I did not found a attribute field that correspond with the SSID option in the sponsor portal view.

question1: Is there a attribute field in one of many ISE policy / condition option fields or is this SSID filed just for user reference if the sponsor portal credentials are send to the user in email/hard copy?

question2: what is the relation in the Guest Access->Settings->Custom Fields->Custom Field Name : eg. choose SSID  and the Guest attributes (Optional Data1, Optional Data2 etc ) fields that can be used in a ISE policy / Condition?  Can the Custom Field Name in the Guest Acces menu be used for building ISE policy/conditions

Hopefully my topic makes any sense and if you need some more information please do not hesitate to respond.

With kind regards,

Michel Bijnsdorp

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-30-2016 08:22 AM

A similar question was asked just recently gvanbon I believe

Its a great question, the SSID in the guest notification is there as a label for easy communication only. Its not called out in an authorization rule as an attribute.

use case - I am a sponsor and I send an email with the SSID you should be connecting to. There are multiple SSIDs at the site. No there is no way to grab that and pass along to Authorization rules/policy. Suggest you get this over to the ISE-PM mailer internally to ask for an enhancement. Otherwise this would be some advanced customization where you monitor ISE MNT syslog generation and do some sort of attribute mapping in perhaps external ODBC database.

I think this could be done indirectly using Guest Types. This will make more difficult and not as dynamic as you would like but what about having different Guest_types allowed against different SSID?

Authz rule > If Wireless_MAB and SSIDX (CalledStationID and GuestTypeX then permit access

otherwise redirect to a hotspot as a message portal saying you are not authorized to connect to this SSID?

Re: Support Information button in place of link?

See regex examples here:

ISE Policies Based on SSID Configuration Examples - Cisco

Some example of matching SSID using Radius Called Station ID

https://supportforums.cisco.com/sites/default/files/ise_location-based_web_portals-v2.pdf

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee

‎06-30-2016 08:22 AM

A similar question was asked just recently gvanbon I believe

Its a great question, the SSID in the guest notification is there as a label for easy communication only. Its not called out in an authorization rule as an attribute.

use case - I am a sponsor and I send an email with the SSID you should be connecting to. There are multiple SSIDs at the site. No there is no way to grab that and pass along to Authorization rules/policy. Suggest you get this over to the ISE-PM mailer internally to ask for an enhancement. Otherwise this would be some advanced customization where you monitor ISE MNT syslog generation and do some sort of attribute mapping in perhaps external ODBC database.

I think this could be done indirectly using Guest Types. This will make more difficult and not as dynamic as you would like but what about having different Guest_types allowed against different SSID?

Authz rule > If Wireless_MAB and SSIDX (CalledStationID and GuestTypeX then permit access

otherwise redirect to a hotspot as a message portal saying you are not authorized to connect to this SSID?

Re: Support Information button in place of link?

See regex examples here:

ISE Policies Based on SSID Configuration Examples - Cisco

Some example of matching SSID using Radius Called Station ID

https://supportforums.cisco.com/sites/default/files/ise_location-based_web_portals-v2.pdf

0 Helpful

Go to solution
michelbijnsdorp
Level 1
Level 1
In response to Jason Kunst

‎07-06-2016 04:51 AM

Hi Jason,

I'm indeed the originator of the question that in the first place was send to Gerard van Bon (gvanbon).

But can you also provide an answer of the second part of the use-case?

question2: what is the relation in the Guest Access->Settings->Custom Fields->Custom Field Name : eg. choose SSID  and the Guest attributes (Optional Data1, Optional Data2 etc ) fields that can be used in a ISE policy / Condition?  Can the Custom Field Name in the Guest Acces menu be used for building ISE policy/conditions? Or what is the function of these Custom Field Name attributes and where can I retrieve the data that a user has filled in. ?

Kind regards Michel.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to michelbijnsdorp

‎07-06-2016 05:17 AM

These fields cannot be used in the authorization policy

You can however utilize them under the master guest report.

0 Helpful
Customers Also Viewed These Support Documents