09-28-2017 12:16 PM
Scenario I'm trying to resolve -
User plugs in to an open network jack, ISE directs them to a portal page where they have two options - Click through for "guest" access (no registration or login required), or see a link for Employee access which would direct them to a login page where they would enter their AD credentials.
Inbuilt pages in ISE 2.3 seem to either reflect one or the other, but not a mixture.
Solved! Go to Solution.
09-28-2017 12:22 PM
Please look at the options on the community
http://cs.co/ise-community
guest web auth page
there is an option under special flows
09-28-2017 12:22 PM
Please look at the options on the community
http://cs.co/ise-community
guest web auth page
there is an option under special flows
09-28-2017 01:42 PM
Brad, just as an FYI I usually discourage customers from offering any type of guest access on wired. I am assuming the customer has guest wireless so there should be no legitimate business reason to have wired guest access. My default rule in ISE directs the user to a guest hotspot portal with no AUP that says "You have been denied access to the network. Please contact help desk at (xxx) xxx-xxxx for further assistance.".
You make sure your redirect ACL and DACL allows all traffic to and from the ISE PSNs so profiling still works.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide