cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4005
Views
5
Helpful
22
Replies

Cisco ISE - Redirect CWA

David Boos
Level 1
Level 1

I'm new to ISE and have run into a snag that I'm not sure how to handle.  I have CWA configured and when I access the ISE SSID I am redirected to the guest login page.  When I login it asks me to accept the AUP, I accept, it tells me authentication is successful but when I try to browse to another site I can't get anywhere and it brings me right back to the guest login page.  Any ideas or suggestions?

22 Replies 22

Is boos179 the guest account you are trying to authenticate with?

Thanks

Tarik Admani

Yes, I've attached my identity sequence below.  I've allowed anyone with an AD credential to login to the guest portal using their AD credential as a guest. Boos179 is my username.

That makes sense now, so you are not being dynamically mapped to the Guest as you would assume. You need to create another authorization policy that matches the group that you would like to allow your domain users (i.e. Domain Users).

You need to create this condition first by defining the group in Active directory (Administration > Identities > External Identity sources > Active Directory > Groups > Add > (there is a 100 group limit so you can search Domain* and that will pull anything that matches Domain and the wildcard).

If you have done the already they create another authoriztion policy and use this following:

Policy > Authorization > Insert New Rule [Above | Below] > Conditions (Create New Condition [Advance Option]) > Select Attribute (AD1 > ExternalGroup EQUALS [the group you chose before] > Set your result

Then test that should do the trick.

Thanks

tarik Admani

This is my new authorization policy, I'm a but confused though. What does the last policy (MAC not Known) actually do then? I will have to test in the morning to find out if this works.

Replace the condition on the left from Guest to Any....the policy you defined below is to redirect all mab requests to the redirection portal where the user can enter then authentication information.

Thanks,

tarik admani

As always please remember to rate any feedback that you find helpful.

So this is what it should be?

That looks great!

Thanks, works as expected.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: