03-19-2014 08:22 AM - edited 03-10-2019 09:33 PM
Currently we have ISE 1.2 configured using a multi-portal configuration. We use a guest portal for both Guest Access and for devices we consider non-compliant employee. Guest users are authenticated against an inernal user database in ISE, and the company owned devices auth against AD. If we login with a guest account that was created using the sponsor portal, we do not get the acceptable usage policy to check before getting access. If we login using the AD account, we do get the Acceptable Usage Policy to check before getting access. It appears this is the same portal, so why do we not get it for both?
03-19-2014 09:38 PM
You can display an acceptable use policy which guests must accept to fully enable their account. If guests do not accept the policy, they will not obtain network access.
Before You Begin
Create a Guest portal, or use an existing one. The acceptable use policy is specific to each Guest portal.
Step 1 Choose Administration > Web Portal Management > Settings > Guest > Multi-Portal Configuration.
Step 2 Check the Guest portal to update and click Edit.
Step 3 Click the Operations tab.
Step 4 Choose one of these options to determine whether guest users must agree to an acceptable use policy:
–Not Used
–First Login
–Every Login
Step 5 Click Save.
03-20-2014 02:16 PM
I understand the configuration. What is happening right now is if we check First Login, we do not get the AUP at all. We ensured the endpoint was deleted from the ISE database. If we check everytime, we get the AUP.
03-26-2014 05:27 AM
for guest AUP configuration
AUP for posture assesment config
Cisco ISE finds the AUP for the first matched user identity group, and then it communicates to the NAC Agent and Web Agent that displays the AUP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide