09-28-2017 12:35 AM
GUEST - Can we redirect based on device type "profile" to a different portal ?
For example a LAPTOP user will get redirected to a Sponsor approval guest portal , but a MOBILE user gets redirected to a Self reg / hotspot portal ?
Thx
Greg
Solved! Go to Solution.
09-28-2017 04:29 AM
I don’t see this as a viable option
You would need to know what the device is before you hit the portal and there really isn’t enough data until it hits the portal to get the user agent string from the browser
Then how you would be redirected to another portal after your profile has changed?
You could try setting coa terminate by bouncing session but this would result in user confusion
Not a supported or recommended solution
There would have to be an enhancement to change the requirements on same portal but not something likely to provide as it would be a really new request that I have never heard before
I don’t understand the differentiation requirement either
09-28-2017 04:29 AM
I don’t see this as a viable option
You would need to know what the device is before you hit the portal and there really isn’t enough data until it hits the portal to get the user agent string from the browser
Then how you would be redirected to another portal after your profile has changed?
You could try setting coa terminate by bouncing session but this would result in user confusion
Not a supported or recommended solution
There would have to be an enhancement to change the requirements on same portal but not something likely to provide as it would be a really new request that I have never heard before
I don’t understand the differentiation requirement either
09-28-2017 05:54 AM
Actually this could work and would only affect the user the first time they are ever seen by ISE. You can use the CoA reauth action in your Mobile Device vs. Laptop profiles in ISE to make this work. You can setup 3 redirect rules in your policy set:
If profiled as mobile device send to hotspot/self-reg portal.
If profiled as laptop send to sponsor only portal
else send to Figure Out Device Type Portal
The Figure Out Device Type Portal is simply a hotspot portal with no AUP so all you would normally see is the success message. Instead of the success message you say something like "Please wait while we identify your device type in order to send you to the correct guest portal. Click here to continue."
The word "here" would be a hyperlink to any web site. It doesn't matter which one. As soon as they hit the portal, ISE will gather the User Agent and reprofile them to your laptop vs. mobile profiles and the CoA reauth will be sent. By the time the user reads the text and clicks "here" they will already be sitting at the correct redirect on the WLC. The click "here" will result in them getting redirected to the correct portal.
This is all theory, but the tools are all there in ISE to do it. Not saying I would do this or how this will all look in the psuedo browsers on the mobile devices but it should work. Again this would only happen the first time the ISE sees the MAC address. Every time they connect after that they are profiled correctly and hit the correct portal.
09-28-2017 06:10 AM
good point paul! Keep in mind that this would require the plus license as well
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide