Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Guest Portal Access using ISE

I'm reposting over here from the wireless forum since this seems more of an ISE issue.

I’m having an issue setting up the Guest Port Access for our wireless network.

I’m trying to setup an SSID anchored in the DMZ for internet access only. The authentication to this would be granted via the ISE Guest Access Portal.

I’ve got the SSID created and tested working with no authentication.

When I enable the Guest Portal (per these instructions http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080bba10d.shtml), I can login and create a guest account. Have the guest go to the portal, login, hit ‘I accept’, but then instead of redirecting them to whatever page they tried to access, it sends them back to the guest login page (with still no access to the network resources).

Attached is what the log in ISE looks like.

tlaptop1 is the guest login that I used for the test machine.  Again, it accepted that login with no issue giving me the usage policy and once I hit 'I agree', it stalls and I get all the failures as I've shown here.

Please ignore the red lines - those are not applicable to this issue.

Am I missing a simple setting somewhere?

Thanks,

Pete

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions

Guest Portal Access using ISE

Pete,

You should be able to edit the shared secret.

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
7 REPLIES
New Member

Re: Guest Portal Access using ISE

I'm seeing this in the logs on the Anchor controller (slaptop1 is a test accnt).

Guest Portal Access using ISE

Did you configure the authentication from the anchor controller? The error message looks like the shared secret is incorrect. Please make sure that the shared secret from the anchor controller and the ISE node are the same. Even though you see the green this means that the user authentication to the ISE guest page was correct. However the return radius authentication was incorrect.

Here is a brief explanation on how the web authentication feature works, once the user authenticates to the portal, the WLC makes a radius request in order to pull the attributes since that can not be done via https.

Please note step 12 here - http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_guest_pol.html#wp1296954

Thanks and good luck!

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Re: Guest Portal Access using ISE

Thanks for the tips!

I tried to remove the radius server settings and re-add them to the Anchor controller but ran into issue.

When removing I get the following error - 'Authentication Server could not be deleted as it is being used by either a WLAN or Mesh Radius Server Configuration'.

I disabled it under the AAA settings on all the WLAN's without any luck.

Any thoughts?

Thanks again,

Pete

Re: Guest Portal Access using ISE

I wouldn't worry about removing it, just set the shared secret to something simple to see if that fixes the issue.

Sent from Cisco Technical Support iPad App

Tarik Admani *Please rate helpful posts*
New Member

Re: Guest Portal Access using ISE

I think the only way I can edit the shared secret on the WLC is to remove and re-add.  I don't see an option to edit.

Guest Portal Access using ISE

Pete,

You should be able to edit the shared secret.

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Guest Portal Access using ISE

Got it -   Tested Working!

Thanks for your help, Tarik!

1495
Views
10
Helpful
7
Replies
CreatePlease login to create content