cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

565
Views
5
Helpful
10
Replies
Participant

ISE Guest Redirection Everytime

Hello, I'm currently redirecting the guest users to a hotspot portal and that's working just fine. Once they disconnect and attempt to re-connect they're not being redirected to the portal anymore. How can I configure ISE to redirect the guest users everytime they connect to the guest wireless. I guess what I'm asking is if there's a way to purge the guest account automatically everytime they disconnect from the wireless.

1 ACCEPTED SOLUTION

Accepted Solutions
Participant

Re: ISE Guest Redirection Everytime

I ended up creating a purging policy that purges endpoints every 8 hours which is the minimum. This is working fine. Thanks for all your inputs.

View solution in original post

10 REPLIES 10
Highlighted
Cisco Employee

Re: ISE Guest Redirection Everytime

Closest option is to use 'Endpoints: LastAUPAcceptanceHourse' condition to force them to accept AUP at set interval.

Participant

Re: ISE Guest Redirection Everytime

Thanks Howon, what's the minimum that can be set. We're on 2.4 latest patch. Also do I have have to synch that timeout with the session timeout on the WLC?

Re: ISE Guest Redirection Everytime

Is it possible to share the policy screenshot?

-Aravind
Participant

Re: ISE Guest Redirection Everytime

Here it is. I just not sure what value I should be configuring to redirect the wireless user to the portal everytime they connect to the wireless even if they connect back to back.

Re: ISE Guest Redirection Everytime

1. Redirection policy with conditions as wireless mab & SSID name -> redirects to the guest portal.

2. Guest access policy with the condition as Network access: UseCase equals to Guest Flow -> Guest Access

 

Similar to this one.Capture.JPGGuest policy-redirects at every reconnection

 

-Aravind
Cisco Employee

Re: ISE Guest Redirection Everytime

Participant

Re: ISE Guest Redirection Everytime

Thanks Jason, so the period can't be less than 24 hours? I went through this doc and it says I can set the minimum to be 1 hour.

 

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2016/pdf/TECSEC-3672.pdf

 

Will my authz policy work the way it's created to prompt the guest for the AUP if they haven't accepted it in the last hour?

 

 

Cisco Employee

Re: ISE Guest Redirection Everytime


@NETAD wrote:

Thanks Jason, so the period can't be less than 24 hours? I went through this doc and it says I can set the minimum to be 1 hour.

 

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2016/pdf/TECSEC-3672.pdf

 

Will my authz policy work the way it's created to prompt the guest for the AUP if they haven't accepted it in the last hour?

 

 


Its showcasing a time range, saying < 24 hrs then dont prompt. The minimum time is 1 hour. The admin guide needs to be fixed.  Why are you wanting to accept every time, this is going to be awful for user everytime they sleep their mobile device..

Cisco Employee

Re: ISE Guest Redirection Everytime

Another way might be to use the regular guest portal with username and password, rather than hotspot. I believe there a way to pre-filll the credentials, if needed.

Also, if CoA Reauthenticate selected as the CoA type in a hotspot portal, we might be able to use some attributes, such as GuestFlow as proposed by Aravind Ravichandran, to authorize the endpoints with proper access.

 

Participant

Re: ISE Guest Redirection Everytime

I ended up creating a purging policy that purges endpoints every 8 hours which is the minimum. This is working fine. Thanks for all your inputs.

View solution in original post