This post explains the use case of having an ISE Guest user access the internet temporarly to be able to check their email for their credentials.
User wishing to access Internet from local library either via own wifi-only device or public shared PC in library
This is not a current feature of the product, please work with your account team to request this feature. Read below for other options.
1. User connects to open SSID with device 2. Captive portal requires them to complete personal details including valid email address 3. User completes the form and submits and is then given time-limited Internet Access (web security filtered) 4. User accesses their email from either their own device or from public shared device 5. User clicks a verification link sent from the guest management system which verifies the user and tells the portal service to reset the timer from 15 minutes to 24 hours (or similar) 6. User now has full, non- time limited access to the Internet 7. Provider can track usage of service by valid user email ID 8. Guest accounts are purged after expiry of timer
You can provide Internet access during portal redirect phase and set RADIUS session timeout in Authorization profileto 5 min, but nothing prevents user from constantly going back to redirect phase after timeout so not a good option if goal is Internet Only access. They could check their email this way with the cavaet you couldn’t redirect all internet to the ISE Guest Portal. You would need to setup a certain site in your redirect ACL that is interesting and only redirect on that. For example www.yourcompany.com So when they first came in the network and connected to Guest they would need to manually access this site to be redirected to the guest portal to create an account
Another option is to have a kiosk setup using a self-registration portal for email checking and/or printing
I attached a PDF of a sample way doing advanced customization on how to make a self-reg portal that could be used for this KIOSK concept. This could be adapted to have them go through self-reg sending the creds via email.
A better approach would be to use SMS with self-reg instead of email. As tracking to a mobile account is better tracking and don't need internet access to check for a text message.
For any help on advanced customization efforts please work with cisco partner for customized work flows. Cisco Supports the use of advanced customization with our portals but the TAC is not there to providing scripting or web development support.
ISE2.6 guest portal redirect with IP chrome have issue. my ISE guest cert is signed with public CA, however due to guest design, we redirect the IP of the DMZ instead of hostname, thus the CN is not contain the IP. is that the Chrome behavi...
SymptomsOutage during FTD code upgrade DiagnosisThe FTD code upgrade thru FMC will cause the traffic interruptionSolutionBelow process will upgrade the FTD with no downtime and no traffic interruption.Before the upgrade process:Download the FTD platf...