Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Registration Portal Loop in ISE

After the user logs into the portal and register its device I can´t seem to find a way for an auth policy to capture the data and permit the device into the network. So the flow would be MAB->CWA->Permit access if users are in identity group name "X". here is my auth policy that doesn´t work



Cisco Employee

I see that your authorization

I see that your authorization policy calls for a check if the device was registered. A device becomes registered either by using DRW (Device Registration Web Auth) or via the BYOD provisioning flow. Looking at your example I don't think you are using either one of those. I am guessing that if you remove that check in your condition then your authentications would be successful. 

Hope this helps!


Thank you for rating helpful posts! 

Thank you for rating helpful posts!
New Member

Thank you Neno, I changed to

Thank you Neno,


I changed to policy to registered devices and wireless MAB and it worked but it seems too general and not that usefl security wise. It actually did was I was looking for in the registration flow, MAB then redirected to guest portal and then allowed the client to register its device then It granted access to a vlan with more priviledges.


I want to take out the self registration portal for guest users (or in this case corporate) and I did but then it goes back to the registration loop. It seems that I have not been able to catch the correct variables for the second authorization for this flow.

Cisco Employee

I agree that it would be nice

I agree that it would be nice to be able to do device registration and guest logins but that is just not there yet. I have suggested to Cisco so we can only hope that the feature makes it to ISE :)

If you are still having issues you should make the rules as simple as possible then test. If behavior is as expected then add more conditions. If you are still unable to figure it out post some screen shots from the Live Authentications window and then some screenshots from the detailed screen. Also, make sure that you don't have the "Enable Self-Provisioning Flow" enabled under the Operations tab in your HTML portal. 


Thank you for rating helpful posts!


Thank you for rating helpful posts!
CreatePlease login to create content