This post explains the use case of giving an ISE Guest user temporary Internet access so they can check their email for their credentials.
Use case: a user wishes to access the Internet from a local library, either via their own Wi-Fi-only device or a public shared PC in the library.
This is not a current feature of the product, please work with your account team to request this feature. Read below for other options.
1. User connects to open SSID with device
2. Captive portal requires them to complete personal details including valid email address
3. User completes the form and submits and is then given time-limited Internet Access (web security filtered)
4. User accesses their email from either their own device or from public shared device
5. User clicks a verification link sent from the guest management system which verifies the user and tells the portal service to reset the timer from 15 minutes to 24 hours (or similar)
6. User now has full, non-time-limited access to the Internet
7. Provider can track usage of service by valid user email ID
8. Guest accounts are purged after expiry of timer
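The timer logic in steps 3, 5 and 8, modelled as an added example: this is not Cisco ISE code or an ISE API, and the class, method names and single-use token scheme are assumptions made for illustration.

```python
import hashlib
import secrets

PROVISIONAL_S = 15 * 60       # step 3: time-limited access before verification
VERIFIED_S = 24 * 60 * 60     # step 5: timer value after the link is clicked


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


class GuestRegistry:
    """Hypothetical model of the requested workflow; not an ISE API."""

    def __init__(self):
        self.guests = {}  # email -> {"expires": seconds, "token_hash": str or None}

    def register(self, email, now):
        """Steps 2-3: open the provisional window, return the token for the emailed link."""
        if self.has_access(email, now):
            return None  # assumption: resubmitting the form must not restart the timer
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked guest table does not yield usable links.
        self.guests[email] = {"expires": now + PROVISIONAL_S, "token_hash": _digest(token)}
        return token

    def verify(self, email, token, now):
        """Step 5: a valid, unused link resets the timer to 24 hours."""
        guest = self.guests.get(email)
        if guest is None or now >= guest["expires"] or guest["token_hash"] is None:
            return False
        if not secrets.compare_digest(_digest(token), guest["token_hash"]):
            return False
        guest["expires"] = now + VERIFIED_S
        guest["token_hash"] = None  # single use: a replayed link cannot extend access again
        return True

    def has_access(self, email, now):
        guest = self.guests.get(email)
        return guest is not None and now < guest["expires"]

    def purge(self, now):
        """Step 8: drop accounts whose timer has expired; returns the purged emails."""
        expired = [e for e, g in self.guests.items() if now >= g["expires"]]
        for email in expired:
            del self.guests[email]
        return expired
```

In this model an unverified address can register again once its 15-minute window has expired, so limiting repeat registrations per address or device would need a separate control.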
You can provide Internet access during the portal redirect phase and set the RADIUS session timeout in the Authorization profile to 5 min, but nothing prevents the user from constantly going back to the redirect phase after the timeout, so this is not a good option if the goal is Internet Only access. They could check their email this way, with the caveat that you couldn't redirect all Internet traffic to the ISE Guest Portal. You would need to set up a certain site in your redirect ACL as the interesting traffic and only redirect on that, for example www.yourcompany.com. When they first came onto the network and connected to Guest, they would need to manually access this site to be redirected to the guest portal to create an account.
Another option is to have a kiosk set up using a self-registration portal for email checking and/or printing.
I attached a PDF of a sample way of doing advanced customization on how to make a self-reg portal that could be used for this kiosk concept. This could be adapted to have them go through self-reg, sending the creds via email.
A better approach would be to use SMS with self-reg instead of email, as tracking to a mobile account is better tracking and the user doesn't need Internet access to check for a text message.
For any help on advanced customization efforts, please work with a Cisco partner for customized workflows. Cisco supports the use of advanced customization with our portals, but the TAC is not there to provide scripting or web development support.