Imagine you wanted to combine a Sponsored Guest and Hotspot portal from a single landing page - this document shows you how to achieve a portal flow as shown below:
ISE offers various types of guest portal types (Sponsored, Self-Registered and Hotspot) and for many customer use cases these work just fine out of the box.
But there may be times when your customers want to have more than one Portal type on the same SSID/Guest VLAN. ISE does not have a concept of a landing page that allows us to jump off to various types of Portals. This might be something in future but for now (ISE 2.6) this does not exist.
There are folks who have posted solutions about linking Portal types to one another using JQuery and these solutions might work for some. But there are limitations when using custom scripts in Login portals because the Apple CNA (Captive Network Assistant) doesn't like that. Apple iOS is very popular and we want guest portals to auto-magically appear. Turning that feature off and asking users to open Safari is not an option for me. Other limitations might include making the solution highly available if you don't have a single VIP to refer to - hard coding FQDN/IPs into JQuery is not my idea of fun. Apart from the fact that I am not a web developer - you might have better luck over on DevNet if that is your thing,
I am proposing a no-coding solution that fits a particular use-case that might be useful to others. The use case is this:
Customer provides a single Guest WiFi SSID (but could apply to wired as well - I am focusing on Wi-Fi)
Customer provides a click-through hotspot for 1 day internet surfing
The same portal also allows Sponsored Guests to login and get access for longer periods of time. Sponsored accounts are provided to visitors via out of band means (e.g. handed to the guest on arrival or in advance via email etc.) - typical Sponsored Guest stuff.
Start off by creating a new Self-Registered Guest Portal
Then give the Portal a name and description and click Save
The rest of the settings are left as default unless I specifically mention to change them, and also changing them is significant.
The Login Page Settings are left as default as shown below - the key thing is that there is an option to allow guests to create their own account. But as you will see later, guests cannot create their own accounts because we will hide all the fields (except for the email address).
Then modify the Registration Form Settings
In the Self-Registration Success Settings you need to select at least one field to display. Don't worry - ISE won't display these to the user. But you have to do this anyway to satisfy the Portal creation process.
Ensure that you hide the Post Login banner.
That's the end of the mandatory settings. You can tweak the other settings but do them one at a time. I found that ISE was very fussy about which settings allowed this to work. Your mileage may vary ...
Now move on to the Portal Page Customisation - in this section we mainly change some text to offer more explanation to the user what certain buttons do, and what the Username/Password is for. Recall that, some users will expect to land on a simple hotspot portal and wonder what the username/password is for - you can think of other descriptive ways to explain this. My wording is shown below
In the Login sub-tab enter some meaningful instructional text as show below
In the Self Registration Form sub-Tab edit the button text that used to say "register" - and replace it with something more meaningful like "Click here for internet".
What should it look like?
The landing portal page looks like this:
You can either sign in with the sponsor provided creds (e.g. email@example.com as shown above) and be granted internet for the number of days as designated by the Guest Type chosen (I have not covered the Sponsored Guest part here - there are many references available that talk about that)
And on the same landing page you can click on the link "GET INSTANT INTERNET ACCESS" which will display this page that looks like a hotspot
The CONNECT NOW button is disabled until you click on the AUP checkbox. The email address is optional at all times. As soon as you click CONNECT NOW, you will be redirected to google (or whatever else you like).
Let me know if you have any comments or suggestions to improve this
Has anyone come up with any solution for this requirement?
The capability within ISE to customize the type and number of fields in the form that comes up when you are creating/sponsoring guest accounts.
Hi Everyone, Can anyone help with sizing the Cisco ASA 5500X? Total number of user will be 150. Total ISP bandwidth will be 50Mbps.Services used will be - URL Filtering, Application Control, AMP, IPSEC, IPS/IDS. If anyone has sizing documen...
Hi All,Hope you all are doing goodPlease help me on the below..I have one Cisco 2800 series router, One 5516-X firewall one 3560 Switch and 3 Servers like, File server, web server etc.Have single Internet link (Broad Band) with static IP address (Public I...
hello, i m using cisco switch 3650 denali 16.3.xi would like to use aaa authentication login radius + localwhen i use radius acoount it workswhen i use local user it s impossible to log on switch how does failback work ?i ve tried differen...