01-22-2018 01:29 PM
We are running ISE 2.1 patch 5. After guest clicks on Accept we still get the redirection URL and we found that the Identity Group Assignment is never switched to GuestEndpointGroups.
Does this look like a bug ? There is nothing wrong with the configuration.
Solved! Go to Solution.
01-22-2018 01:47 PM
By default (unless something was changed in profiler, etc) it wouldn’t be in an endpoint group until you went through the guest flow.
Is this a fresh install? Why aren’t you on patch 6?
Your policy should be
If wireless_mab and guestendpoint then permit access
If wireless_mab then redirect
Otherwise please open a tac case
01-22-2018 01:33 PM
I have a concern with the switching identity group part
Are you saying that its in one identity group in the beginning and then you want to switch?
Guest is mean to take unknown fresh endpoint and move it into the guestendpointgroup.
I don’t believe we support switching identity group through the portal after its already in another group
01-22-2018 01:39 PM
Initially it is profiled as Workstation and is placed into Workstation meanwhile the endpoint gets a web redirection.
Then after the guest registers shouldn't it get placed into GuestEndpoints Identity Group ?
01-22-2018 01:47 PM
By default (unless something was changed in profiler, etc) it wouldn’t be in an endpoint group until you went through the guest flow.
Is this a fresh install? Why aren’t you on patch 6?
Your policy should be
If wireless_mab and guestendpoint then permit access
If wireless_mab then redirect
Otherwise please open a tac case
01-22-2018 02:01 PM
It's not a fresh install (even though we might plan a patch upgrade) and we have the same authorization policies like you mentioned.
If wireless_mab and guestendpoint then permit access
If wireless_mab then redirect
The endpoint connects and gets profiled as Windows7-Workstation while it gets the URL redirection but remains there even after the guest registers and accepts and hence hits the default rule again.
We have referred the guestendpoint group correctly in the guest portal.
01-22-2018 02:10 PM
is the guest portal set to register the endpoint? guest device registration settings for the portal?
Were any of the profiler setting changed? for workstation?
Do you have a fresh setup to compare it to?
I would suggest a tac case
01-25-2018 10:34 AM
My bad. We were missing Registration
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide