View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

Home » Security » SEC0196 - ISE 1.3 Guest Access with Hotspot (Part 1)

SEC0196 - ISE 1.3 Guest Access with Hotspot (Part 1)

Rating: 
5
Average: 5 (1 vote)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Category: 
Security
The video demonstrates the first guest access deployment model on Cisco ISE 1.3 called Hotspot. We will be configuring ISE to allow our guest users to perform a single-click type of login to access internet, including an access code enforcement. We will also show how to provide better user experience by not having user encountering login portal after first login using automatic device registration, or if desired control how often users should be redirected back to the login page using Endpoint Purge.
 
Part 1 of this video shows configuration on ISE to build hotspot guest access
 
Topic:
  • WLAN SSID Configuration
  • Endpoint Identity Group
  • Hotspot Guest Portal
  • Authentication Policy (WLAN MAB)
  • Policy Element Result
    • Authorization (Downloadable ACL)
    • Authorization (Authorization Profile)
  • Authorization Policy
  • Endpoint Purge
Tag: 
ISE
ise 1.3
vpn
posture
anyconnect
coa
asa
posture module

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.
http://www.linkedin.com/in/methachiewanichakorn

4 comments

Submitted by r3dz0n3 on Sun, 05/21/2017 - 19:20

I know that there was a Cisco Bug: CSCut93791 - Change Hotspot CoA type from Admin-Reset to ReAuth for ISE 1.3. I'm getting the same result with ISE 2.0. User gets redirected to ISE Hotspot Portal and after accepting the AUP, the client gets disconnected and has to associate again.

Authentication Success Setting: Once authenticated, take guest to:
Authentication Success page

Have you seen this issue?

Submitted by admin on Sun, 05/21/2017 - 21:46

We have not run into this in 2.0 or even 2.2. You may want to apply the latest 2.0 patch if not already. BTW, ISE 2.2 Hotspot portal allows you to select between ReAuth and Terminate for CoA.

Submitted by Hazem1 on Mon, 10/23/2017 - 11:55

Hi
i did not know where to post this question , so i posted here
can i have port security configured along with the normal ise switch port configuration or not and if i can what will be the behavior , can i get example
thanks in advance for your reply
BR

Submitted by admin on Thu, 10/26/2017 - 21:27

802.1X and port-security work independently so you can have both on the same port.