Cisco Support Community
Community Member

ISE 1.2 AUP Multi-Portal Configuration

Currently we have ISE 1.2 configured using a multi-portal configuration. We use a guest portal for both Guest Access and for devices we consider non-compliant employee. Guest users are authenticated against an internal user database in ISE, and the company owned devices auth against AD. If we log in with a guest account that was created using the sponsor portal, we do not get the acceptable usage policy to check before getting access. If we log in using the AD account, we do get the Acceptable Usage Policy to check before getting access. It appears this is the same portal, so why do we not get it for both?


Requiring an Acceptable Use Policy for Guests

You can display an acceptable use policy which guests must accept to fully enable their account. If guests do not accept the policy, they will not obtain network access.

Before You Begin

Create a Guest portal, or use an existing one. The acceptable use policy is specific to each Guest portal.

Step 1 Choose Administration > Web Portal Management > Settings > Guest > Multi-Portal Configuration.

Step 2 Check the Guest portal to update and click Edit.

Step 3 Click the Operations tab.

Step 4 Choose one of these options to determine whether guest users must agree to an acceptable use policy:

Not Used

First Login

Every Login

Step 5 Click Save.

Community Member

I understand the configuration. What is happening right now is if we check First Login, we do not get the AUP at all. We ensured the endpoint was deleted from the ISE database. If we check every time, we get the AUP.

Cisco Employee

for guest AUP configuration


AUP for posture assessment config

Cisco ISE finds the AUP for the first matched user identity group, and then it communicates to the NAC Agent and Web Agent that displays the AUP.
