Timezones and Locations have always been an annoyance with ISE. ISE 1.3 got rid of some of the issues but also introduced some of its own. One of the main problems was that ISE came with only 1 location configured. This was the San Jose location. If you happened to be setting up the system based in that time zone of your browser timezone then everything worked fine. You created an account via self-registration or the sponsor portal and that account could be used to login to the guest portal.
Now if you were on a machine with another timezone such as Boston, the account wouldn't work because you created the account at 9am locally the timezone you chose was 3 hrs later. The account wouldn't become active until then. From Sponsored specified date guest types only active the account at the specific time.
This also wasn't obvious because if you have only 1 location created then you won't be give the choice to change it. Its only good for the user experience to not show it again if its the timezone you're operating out of. If you have multiple locations then its obvious once you know you have to configure them.
This image shows the choice you make when there are multiple locations configured
Location are configured under Guest Settings and also under the Sponsor Group and Self-registration portals.
From First Login (re-introduced in ISE 2.1, it was available in releases <1.3 as well) activates the account immediately regardless of the timezone (location selection). For most cases it doesn't matter that you're using locations at all since we introduced this capability since the account is ready to go once its created!
There is only a couple instances where you might still need to use locations.
The first is if you need to restrict access based off access times (example: only allow guests to login to portal from 8am to 5pm) under the guest type.
It can also be used to customize messages sent to the guests. For example, a success page or email notification that includes location and other variables. You don’t need to use locations for account creation time if using From First Login guest type but you’re still able to use the locations in notifications for customization.
Welcome Jason to our guest network, you are located in the Boston office, please connect to the guest network on SSID: boston-guest
Email notification example:
Hello $ui_first_name$, Your guest account details: Username: $ui_user_name$ Password: $ui_password$ First Name: $ui_first_name$ Last Name: $ui_last_name$ Valid From: $ui_start_date_time$ Valid To: $ui_end_date_time$
You are in the $ui_location_name$ Office, please connect to wireless network: $ui_ssid$
If you have no need for these options, then you can use From First Login type guests available in ISE 2.1+
Hi,I have a deployment with 2 nodes. I had to reinstall a broken node. When I joined the new node to the deployment, sync finished successfully but authentication logs were not synchronised. How to force ISE to send all historical authentication logs from...
Hi, I have established a VPN between Cisco ASA and a Fortinet firewall. Phase 1 and Phase 2 are up and traffic is passing but after a while the VPN phase 2 drops and traffic is not able to be passed without logging/rebooting the tunnel manually...
Hi,I want to do the below setupSITE TO SITE VPN PRIORITYPriority 1 site1 192.168.2.0/24 site2 192.168.3.0/24Priority 2 site1 192.168.2.0/24 site3 192.168.4.0/24My question since the source (192.168.2.0/24) is same the traffic destined to 192.168.4.0/24 wi...