View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0196 - ISE 1.3 Guest Access with Hotspot (Part 1)

Average: 5 (1 vote)
Difficulty Level: 
Lab Document: 
<Please login to see the content>
The video demonstrates the first guest access deployment model on Cisco ISE 1.3 called Hotspot. We will be configuring ISE to allow our guest users to perform a single-click type of login to access internet, including an access code enforcement. We will also show how to provide better user experience by not having user encountering login portal after first login using automatic device registration, or if desired control how often users should be redirected back to the login page using Endpoint Purge.
Part 1 of this video shows configuration on ISE to build hotspot guest access
  • WLAN SSID Configuration
  • Endpoint Identity Group
  • Hotspot Guest Portal
  • Authentication Policy (WLAN MAB)
  • Policy Element Result
    • Authorization (Downloadable ACL)
    • Authorization (Authorization Profile)
  • Authorization Policy
  • Endpoint Purge

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new technologies.


I know that there was a Cisco Bug: CSCut93791 - Change Hotspot CoA type from Admin-Reset to ReAuth for ISE 1.3. I'm getting the same result with ISE 2.0. User gets redirected to ISE Hotspot Portal and after accepting the AUP, the client gets disconnected and has to associate again.

Authentication Success Setting: Once authenticated, take guest to:
Authentication Success page

Have you seen this issue?

We have not run into this in 2.0 or even 2.2. You may want to apply the latest 2.0 patch if not already. BTW, ISE 2.2 Hotspot portal allows you to select between ReAuth and Terminate for CoA.

i did not know where to post this question , so i posted here
can i have port security configured along with the normal ise switch port configuration or not and if i can what will be the behavior , can i get example
thanks in advance for your reply

802.1X and port-security work independently so you can have both on the same port.