Here are the steps we used to test and validate this scenario with ISE version 2.2:
1. Created a basic HTML page that informs the Guest that network access is denied due to either non-business hours or the daily time has been exceeded. Uploaded the page to the Work Centers > Guest Access > Custom Portal Files repository.
2. Created a Time and Date Condition for the non-business time range of 5pm - 8am.
3. Created an Endpoint Identity Group called EIG_HotspotPurge1Day and added an Endpoint Purge Policy rule that is run daily before 8am.
4. Created the Hotspot Portal with the Endpoint ID Group set to EIG_HotspotPurge1Day.
5. Created three Authorization Profiles:
AuthZ-Wireless-Redirect-Hotspot: Standard Hotspot redirection pointing to the Hotspot Portal.
AuthZ-Wireless-Redirect-BlockPage: Redirect to the custom HTML block page using the Advanced Attributes. The URL for the page is copied from the Custom Portal Files page.
AuthZ-Wireless-PSK-Guest: Standard ACCESS-ACCEPT response with a Reauthentication timer of 900 seconds sent to the WLC.
6. Created a new Policy Set to match on the SSID name (iselabpsk).
Note: The customer also wanted the SSID to use a Pre-Shared Key, so we used WLC code 18.104.22.168 with the settings from the link below. The same could be done with an open SSID commonly used for wireless Guest.
Is there a best practice around handling Cisco FlexConnect APs and their switchport configuration when doing profiling? Flex APs require commands relating to trunking and native VLAN etc. - which is different to the usual port template ...
Hello, Is there any keepalive mechanism between the switch and ISE. I need to know if there is a way which can enable the switch to know if ISE server is online and available at any particular time.The idea is that lets suppose we try to authenticate...
Hello Experts, I want to utilize existing hardware for Stealthwatch Enterprise deployment. We have UCS 5108 with B200 M5 Servers. I am following below link for the Virtual Server sizing: https://www.cisco.com/c/dam/en/us/td/docs/security/stealth...
i have been asked to list a switch under radius control , some switches are already added under it but im supposed to add any switches that arent , can i simply add the same command to other switches? also the key is made of numbers do i just paste the ke...