Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
10921
Views
5
Helpful
4
Replies

Cisco ISE Guest Sponsor Portal Isssue

Go to solution
Pranav Gade
Level 1
Level 1

‎08-09-2012 10:31 PM - edited ‎03-10-2019 07:24 PM

Dear all ,

We have insatalled 5 ise 3315 boxes IOS 1.0.4 in our network where in two of them are admin node , two of policy services and one is mnt node. We are using guest sponsor portal for wirless guest user where in we have integrated WLC 5508 with ise and using weblogin for guest users.

We have created open ssid in wlc and using external redirected url of ise for guest login page.

But when we create any guest user in sponsor login for guest user we faced following issue

1) When guest user gets conected to wirless and login in to guest portal with credential after putting credential  then its again redirect to same login page

wihout successful login prompt.

Can we pompt successful login after guest login to guest portal or redirect to any other link like google.com so guest user will gets to know he is able to access internet now

2) We have creted time profile 8hours first login for guest user. When guest user gets connected while putting credential in to guest portal.

But we face issue after approximately every 20 mins guest gets disconnected from internet and guest again gets login page of guest portal and if we put same credential then its working but after approx 20 min interval user get disconnected from internet.

Can anyone help me to resolved above issue regading cisco ise guest sponsor portal

Thanks & Regards

Pranav Gade

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎08-10-2012 12:33 AM

Pranav your answers are inline,

1) When guest user gets conected to wirless and login in to guest  portal with credential after putting credential  then its again redirect  to same login page

wihout successful login prompt. When you are using CWA (central web authentication) there is no way we can redirect users using the redirect-url because this will always redirect users for every time they initiate a web request. There is no other coa feature that will remove this condition since they have already been authenticated.  Here is a guide that explains the user experience when using central web auth -

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_guest_pol.html#wp1296954

Can  we pompt successful login after guest login to guest portal or redirect  to any other link like google.com so guest user will gets to know he is  able to access internet now No this is not possible, you can change the verbage and force the AUP to be displayed informing users that they can retry their web request after hitting the accept button.

Here is the documented experience once users go through the guest process -

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml#final

2)  We have creted time profile 8hours first login for guest user. When  guest user gets connected while putting credential in to guest portal.

But  we face issue after approximately every 20 mins guest gets disconnected  from internet and guest again gets login page of guest portal and if we  put same credential then its working but after approx 20 min interval  user get disconnected from internet. Check the advanced timer on your SSID as you may be hitting the session timeout on the WLC. Please disable this option and let the COA feature in ISE expire user sessions on the controller.

Thanks,

Tarik Admani
*Please rate helpful posts*

View solution in original post

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to Pranav Gade

‎08-10-2012 10:50 AM

Pranav,

I dont know that a setting exists.

Attached is a screenshot of the timer that I am referencing.

thanks.

Tarik Admani
*Please rate helpful posts*

View solution in original post

Preview file
140 KB
0 Helpful
4 Replies 4

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni

‎08-10-2012 12:33 AM

Pranav your answers are inline,

1) When guest user gets conected to wirless and login in to guest  portal with credential after putting credential  then its again redirect  to same login page

wihout successful login prompt. When you are using CWA (central web authentication) there is no way we can redirect users using the redirect-url because this will always redirect users for every time they initiate a web request. There is no other coa feature that will remove this condition since they have already been authenticated.  Here is a guide that explains the user experience when using central web auth -

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_guest_pol.html#wp1296954

Can  we pompt successful login after guest login to guest portal or redirect  to any other link like google.com so guest user will gets to know he is  able to access internet now No this is not possible, you can change the verbage and force the AUP to be displayed informing users that they can retry their web request after hitting the accept button.

Here is the documented experience once users go through the guest process -

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml#final

2)  We have creted time profile 8hours first login for guest user. When  guest user gets connected while putting credential in to guest portal.

But  we face issue after approximately every 20 mins guest gets disconnected  from internet and guest again gets login page of guest portal and if we  put same credential then its working but after approx 20 min interval  user get disconnected from internet. Check the advanced timer on your SSID as you may be hitting the session timeout on the WLC. Please disable this option and let the COA feature in ISE expire user sessions on the controller.

Thanks,

Tarik Admani
*Please rate helpful posts*

Go to solution
Pranav Gade
Level 1
Level 1
In response to Tarik Admani

‎08-10-2012 12:51 AM

Thanks Tarik for you support and reply ..

for 1st issue we are getting login successful flash window which apper after putting credential but its just for some fraction of sec. Can we able to hold is prompt so user will get an idea that he's login gets susccesul and now able to access internet.

for 2nd issue I will check that ssid timer in wlc and will let you know for the same

Thanks

Pranav

0 Helpful

Go to solution
Tarik Admani
VIP Alumni
VIP Alumni
In response to Pranav Gade

‎08-10-2012 10:50 AM

Pranav,

I dont know that a setting exists.

Attached is a screenshot of the timer that I am referencing.

thanks.

Tarik Admani
*Please rate helpful posts*

Preview file
140 KB
0 Helpful

Go to solution
Pranav Gade
Level 1
Level 1
In response to Tarik Admani

‎08-12-2014 02:06 AM

Hi Tarik ,

 

We have ise 1.2.1 and still facing the same issue - 

 We have creted time profile 8hours first login for guest user. When  guest user gets connected while putting credential in to guest portal.

But  we face issue after approximately every 20 mins guest gets disconnected  from internet and guest again gets login page of guest portal and if we  put same credential then its working but after approx 20 min interval  user get disconnected from internet.

Even session time out interval in WLC is disable

Can you help me on the same

 

Thanks & Regards

Pranav

0 Helpful
Customers Also Viewed These Support Documents