Here are the steps we used to test and validate this scenario with ISE version 2.2:
1. Created a basic HTML page that informs the Guest that network access is denied due to either non-business hours or the daily time has been exceeded. Uploaded the page to the Work Centers > Guest Access > Custom Portal Files repository.
2. Created a Time and Date Condition for the non-business time range of 5pm - 8am.
3. Created an Endpoint Identity Group called EIG_HotspotPurge1Day and added an Endpoint Purge Policy rule that is run daily before 8am.
4. Created the Hotspot Portal with the Endpoint ID Group set to EIG_HotspotPurge1Day.
5. Created three Authorization Profiles:
   AuthZ-Wireless-Redirect-Hotspot: Standard Hotspot redirection pointing to the Hotspot Portal.
   AuthZ-Wireless-Redirect-BlockPage: Redirect to the custom HTML block page using the Advanced Attributes. The URL for the page is copied from the Custom Portal Files page.
   AuthZ-Wireless-PSK-Guest: Standard ACCESS-ACCEPT response with a Reauthentication timer of 900 seconds sent to the WLC.
6. Created a new Policy Set to match on the SSID name (iselabpsk).
Note: The customer also wanted the SSID to use a Pre-Shared Key, so we used WLC code 22.214.171.124 with the settings from the link below. The same could be done with an open SSID commonly used for wireless Guest.