Here are the steps we used to test and validate this scenario with ISE version 2.2:
1. Created a basic HTML page that informs the Guest that network access is denied due to either non-business hours or the daily time has been exceeded. Uploaded the page to the Work Centers > Guest Access > Custom Portal Files repository.
2. Created a Time and Date Condition for the non-business time range of 5pm - 8am.
3. Created an Endpoint Identity Group called EIG_HotspotPurge1Day and added an Endpoint Purge Policy rule that is run daily before 8am.
4. Created the Hotspot Portal with the Endpoint ID Group set to EIG_HotspotPurge1Day.
5. Created three Authorization Profiles:
AuthZ-Wireless-Redirect-Hotspot: Standard Hotspot redirection pointing to the Hotspot Portal.
AuthZ-Wireless-Redirect-BlockPage: Redirect to the custom HTML block page using the Advanced Attributes. The URL for the page is copied from the Custom Portal Files page.
AuthZ-Wireless-PSK-Guest: Standard ACCESS-ACCEPT response with a Reauthentication timer of 900 seconds sent to the WLC.
6. Created a new Policy Set to match on the SSID name (iselabpsk).
Note: The customer also wanted the SSID to use a Pre-Shared Key, so we used WLC code 220.127.116.11 with the settings from the link below. The same could be done with an open SSID commonly used for wireless Guest.
i have a customer which installed fmc+ftd 2110 ver 6.4 with internet speed of 900mbps , he have almost 2000 user , whenever we check the internet speed on any device it shows 30-50 mbps , he is telling me the firewall is causing a internet slow...
See attached config and log results.When Admin logs with SSH on Switch, ISE assigned the proper shell profile but never assign the Command Set when he types commands. See figure "TACACS Log Pass authorization but without Command set applied.jpg"Plea...
Okay, this is my first time here. I am setting up a home lab. Router(2921) to a layer 3 switch(3560) to an ASA(5520). The router to layer 3 switch works fine. On the switch I have 2 vlans setup (vlan 1 10.4.0.1/24, vlan 2 10.3.0.1/24) connected directly t...