Solved: Mix hotspot with employee BYOD

blandrum · ‎09-28-2017

Scenario I'm trying to resolve -

User plugs in to an open network jack, ISE directs them to a portal page where they have two options - Click through for "guest" access (no registration or login required), or see a link for Employee access which would direct them to a login page where they would enter their AD credentials.

Inbuilt pages in ISE 2.3 seem to either reflect one or the other, but not a mixture.

Jason Kunst · ‎09-28-2017

Please look at the options on the community

http://cs.co/ise-community

guest web auth page

there is an option under special flows

View solution in original post

Jason Kunst · ‎09-28-2017

Please look at the options on the community

http://cs.co/ise-community

guest web auth page

there is an option under special flows

paul · ‎09-28-2017

Brad, just as an FYI I usually discourage customers from offering any type of guest access on wired. I am assuming the customer has guest wireless so there should be no legitimate business reason to have wired guest access. My default rule in ISE directs the user to a guest hotspot portal with no AUP that says "You have been denied access to the network. Please contact help desk at (xxx) xxx-xxxx for further assistance.".

You make sure your redirect ACL and DACL allows all traffic to and from the ISE PSNs so profiling still works.