This post explains the use case of having an ISE Guest user access the internet temporarly to be able to check their email for their credentials.
User wishing to access Internet from local library either via own wifi-only device or public shared PC in library
This is not a current feature of the product, please work with your account team to request this feature. Read below for other options.
1. User connects to open SSID with device 2. Captive portal requires them to complete personal details including valid email address 3. User completes the form and submits and is then given time-limited Internet Access (web security filtered) 4. User accesses their email from either their own device or from public shared device 5. User clicks a verification link sent from the guest management system which verifies the user and tells the portal service to reset the timer from 15 minutes to 24 hours (or similar) 6. User now has full, non- time limited access to the Internet 7. Provider can track usage of service by valid user email ID 8. Guest accounts are purged after expiry of timer
You can provide Internet access during portal redirect phase and set RADIUS session timeout in Authorization profileto 5 min, but nothing prevents user from constantly going back to redirect phase after timeout so not a good option if goal is Internet Only access. They could check their email this way with the cavaet you couldn’t redirect all internet to the ISE Guest Portal. You would need to setup a certain site in your redirect ACL that is interesting and only redirect on that. For example www.yourcompany.com So when they first came in the network and connected to Guest they would need to manually access this site to be redirected to the guest portal to create an account
Another option is to have a kiosk setup using a self-registration portal for email checking and/or printing
I attached a PDF of a sample way doing advanced customization on how to make a self-reg portal that could be used for this KIOSK concept. This could be adapted to have them go through self-reg sending the creds via email.
A better approach would be to use SMS with self-reg instead of email. As tracking to a mobile account is better tracking and don't need internet access to check for a text message.
For any help on advanced customization efforts please work with cisco partner for customized work flows. Cisco Supports the use of advanced customization with our portals but the TAC is not there to providing scripting or web development support.
Earlier this year, we purchased some ASAv virtual appliances with an SWSS service contract. The service contract lists the instance number in place of the serial number on CCW-R. The serial numbers on the VMs are not associated with a Service ...
Hi Everyone,Need support on below. 1) Can we have two syslog server configured in FMC and attach them to same rule so that any event related to that rule will be send to syslog server. 2) I get huge amount of events in event viewer and I am not ...
I have a question that I couldn't find an answer for. I currently have a site-to-site VPN setup with a remote hospital. It gives us the capability for our Doctors to be able to read images from our hospital at the remote one. We have started to see issues...
Can someone help me... I have two Cisco ASA 5506... I've already configured the Site to Site VPN connection.......The VPN connection was established like normal........... the problem is, the VPN connection always dropped, and then it will establish again...
Hello, I am trying to implement dmarc check in Ironport AsyncOS.After enabling DMARC check, Non-Delivery Report does not pass DMARC check, because nor NDR sender is (empty). All normal e-mails can pass DMARC verification. Is there any way to allow ND...