Use Case 1: Meraki LWA (Local Web Authentication) integrated with ISE.
Meraki now supports ISE CWA flow. This should be used, otherwise LWA can still be used. As of May 2016 Meraki doesn't support ISE portal when the guest network is in a DMZ and needs to be tunneled back to MX (L3 Tunnel). Meraki hosts the splash page that authenticates against the ISE guest database. Meraki doesn't have a self-registration portal. You can setup a link on the Meraki Splash to the ISE self-registration portal so the user can create an account. There is no way to link directly to the Don't have an account function so the script below will redirect the browser automatically.
To embed a link to ISE self-reg portal from Meraki, see the entry at the end of this post
Use Case 2: Central Kiosk to perform self-registration
Setup a machine with web browser in a lobby where the user can come in and register and print an account for themselves. This is a secure way to prevent people outside of the building from registering. You don't have to worry about them being emailed or texted the credentials as they can prevent for themselves. You can have 1 portal allowing self-registration, this would be used for the kiosk. The portal that the user is redirected to when connecting to wireless or wired network wouldn't have the option for self-registration (allow user to create their own account). The link on the browser would go to the main portal test URL and then it would be auto-redirected to the registration page.
Use Case 3: Customer says most of their visits to the portal page are to create an account so they want to bypass initial login.
When a user is first redirected to the ISE portal they go right to the self-reg flow to create an account and automatically login (option in the portal page flow under self-reg success page). They can also be notified of their credentials to use later on via email or SMS. When they visit the page again the script won't redirect them.
Here we are having JS push the link upon page entry to the Login page so that you immediately redirect to the Self-Reg page. But if you hit Cancel on that page you will be sent back to the Login page (you already have an account) then it won't redirect.
This code is placed in the Optional Content 2 area of the Login page when under the HTML editor (far right on the actions bar):
The following code will redirect to self-reg when you first visit the login page. After that if you click cancel on self reg page or or return back to the login page after completing registration it will no longer redirect you.
Hi, DO i nd to add "ip helper-address <ISE server IP>" in each vlan refer to ISE server? Wht will happen if i dont add this ip-helper command to every vlan in the switch 802.1x activated? What is the function and will it interrupt my switc...
Hello,I just joined a small company and I am familiarizing with the Ironport ESA appliance (C100V). I can't figure out why can't our branch office (LAN2LAN) access to the ESA like we do in main office ? I went through all our network ...
Hi all Does Cisco has a good document which gives the recommendations to which standards are today the best practice in terms of security, for IPSec VPNs? Everybody know that DES and 3DES no longer should be used, also DH1-5 are considered as insecur...
Hello, I have FTD on ASA 1010 and I would like to block file exchange to and from google drive. I have set up a rule with no luck. Where do you suggest is the best place to put the rule? Access policy or somewhere else? Thanks and reg...
Hi,I tried guest flow in ISE 2.7 and I'm facing issue with initial MAC authentication for redirect. I have standard configuration - identity source Guest Users with "If User now found" option set to Continue - the standard settings I guess.When the MAC ar...