Cisco ISE comments Sponsor Isssue Portal

Similar Questions

• Cisco ISE comments Portal - DNS problem - External area

  Hello

  I have a client that has the following sceanrio:

  In a wireless deployment and deployment Cisco ISE 1.1.3 with CWA, when the wireless client receives the URL ISE redictect (URL to access the portal of ISE comments), this URL is based on the ISE DNS name, not on its IP address. Thus, the PC cannot solve this problem by DNS name because there is no DNS in the external area (for the guets) or by using the addresses of servers DNS ISP provided by the DHCP server, and therefore it cannot access the portal comments at all;

  I know that in an attempt to manually code the IP address - it doesn't (IE in the authorization profile CWA, the equivalent URL redirection via the pair av CISCO as follows:)

  Cisco-AV-Paire = redirect url =https://10.10.10.10:8443/guestportal/gateway? sessionId = sessionIdValue & action = cwa,)

  given that the sessionIdValue variable is not replaced by its real value when sending to the wireless client)

  My question is: this question has been addressed in version 1.2 of Cisco of ISE - has anyone tried it if has been processed? If not in Cisco 1.2 - does anyone know iof this feature will become available?

  Thanks in advance for your answers.

  Robert C.

  Robert,

  Manual assignment has been made available in version 1.2 of the ISE.

  M.

  

• Cisco ISE comments settings problem

  Hi all

  I hope that it will be a miracle.

  I'm unable to remove the San Jose of positions in the settings of comments with the following error ' cannot delete locations: San Jose: location referenced by another configuration. I have attached the parameters and error of reference.

  I checked all the settings in the comments tab and deleted any reference to San Jose, except if it is referenced in the configuration wizard which I wasn't involved in where else this could be referenced and how to remove it please? It is only cosmetic, but to create guest accounts it is frustrating, as shows the San Jose location when they are in fact located in the United Kingdom. I'm under Cisco ISE version 1.3.

  Thank you

  Mark

  It's a bug

  CSCus25245
  Description
  Symptom:
  In point 1.3 of the ISE, under settings - > location and SSID, we cannot delete the default location of San Jose.

  We get the error that it is referenced by another object.

  Conditions:
  ISE 1.3 - seek to remove the default location of San Jose.

• ISE comments 1.4 Portal certificate

  In an effort to improve the guest user to experience, we recently bought a public SSL certificate standard.  We generated the CSR of ISE and on condition that the seller to have it signed.  We then imported/bind in ISE for portals.  The goal was to reduce the certificate guests and certificate warnings.  However, after an initial test we are still getting these.  Missing something?  Is there a way to eliminate the pulse? Thank you.

  Yes if you have a complete chain installed, recharge the PSN and the test again. Alternatively, you can import the certificate .cer.

  ~ Jousset

• ISE comments 1.3 portals

  Hi all

  Anyone know of a bug in ISE 1.3.0.876 that prevents you from setting fields on the portal as mandatory self?

  It seems also impossible to get rid of the field "reason for visit.

  Concerning

  Roger

  Try these:

  CSCur89449

  CSCus35686

  Please rate useful messages and mark this question as answered if, in fact, does that answer your question.  Otherwise, feel free to post additional questions.

  Charles Moreton

• ISE comments print Notification Portal

  Hello

  with the old comments of NAC server, I was able to 'draw' the impression of notification of comments with HTML elements. With ISE I can only write plain text. Does anyone know how to change things like the size of the font for printed documents?

  Kind regards

  Andreas

  Unfortunately, it is not natively supported with ISE 1.2.  However, the notification of comments will be customizable using HTML in point 1.3 of the ISE.  This version will be released if all goes well during the last week of November.

  Please rate useful messages and mark this question as answered if, in fact, does that answer your question.  Otherwise, feel free to post additional questions.

  Charles Moreton

• Change the URL redirection in Cisco ISE 2.1.0 comments Portal CWA

  Hello

  I've set up a guest Portal CWA with WLC 5508 8.0.133.0 and ISE 2.1.0.

  I did all the rules both Authenticatin and authorization, and I also see customers hit the rules of law. The rule of being redirects the client to a captive portal in ISE like this: cisco-av-pair = redirect url =https://ip:port/Portal/Gateway? sessionId = SessionIdValue & Portal = d30c7eb0...

  I have 3 different customer portals for each SSID and everything works fine.

  The problem is that, when the wireless client receives the URL ISE redictect (URL to access the portal of ISE comments), this URL is based on ISE DNS name, not on its IP address. My ISE FULL domain name is iselab01.example.local and the certificate indicating that the portal comments field is example.local.

  Now I was asked to create a new portal of comments but this time I have the certificate belongs to the domain example.org and need to redirect to this new portal comments use this new domain.

  I tried to code, in the authorization profile CWA, redirection to equivalent URL through the CISCO av pair as follows:

  Cisco-av-pair = redirect url =https://iselab01.example.org:8443/Portal/Gateway? sessionId = SessionIdValu...

  but it does not work, since the sessionIdValue is not replaced with its actual value when sending to the wireless client.

  Is it possible to change the URL for redirection of ISE somewhere just for a portal of comments?

  Best regards

  Simply use the automatic CWA parameter in the authz profile, rather than enter the cisco-av-pair yourself, you will find that you can change the part of the FQDN of the url, if the session ID is kept intact.

• Cisco ISE 1.4 comments account Backup

  I currently deploy portal free registry for comments, I now of questions you want to certify, I just want to know to anyone facing the same problem as me.

  (1) except REST API any way to export the guest account

  (2) backup of the Appendix will include the guest account or not

  (3) what deployment node 2, guest account will sync on both nodes?

  Sorry for the bad English.

  Kind regards

  Alan

  1.] I don't think - I can see a well on the same feature request

  CSCty82007    ENH: Export invited accounts set up in ISE

  2.] Yes - backup should have all guest accounts.

  [3.] the Cisco ISE guest services use distributed the Cisco ISE management system to allow several Cisco ISE nodes to work in a deployment. Configurations performed on the head node is replicated to the secondary nodes.

  ~ Jousset

• The ISE comments and update of Broswer Security Portal

  Hi, last week our assistance service received a constant steam of calls regarding our wireless of comments.  For most people, the problem is that there are browser will not allow them on the portal.  After a bit of investigation, we have established that what happens on devices with the latest browsers - IE11, Firefox 39 + and Chrome.

  OS x and iOS devices and those devices with older browsers are working ok.

  We run ISE 1.1.3.124 which is a certain number of revisions behind so I assume it is the question that 'ignore' safety standards in these new browsers.

  My plan is to upgrade to version 1.2, and then to 1.3 which I had planned to do next month anyway, but I just wanted to see if there is a work around on the ISE, which can be implemented so that the upgrade is made a thoughtful and not rushed.

  Thank you.

  This problem is apparent on several Cisco - ISE and at least first Infrastructure products.

  A couple of threads to discuss and provide workarounds:

  Thread 1

  Thread 2

  ISE 1.3 (or 1.4) will fix it. In addition, ISE 1.2.1 Patch 7.

  Here's the official Cisco ISE Bug ID.

• ISE 1.4 - edition comments / sponsor email formatting

  Hello

  Is anyway to change the formatting (especially police) of the email that is sent to the e-mail address of the user used when creating accounts on the portal of Sponsor?

  I find that with Outlook, 'I' and '1' clients alike causing some grief users when you connect to the portal of comments. Is it possible to format the e-mail so that the password is displayed in a fixed width font?

  see you soon,

  SEB.

  SEB,

  Not sure if the output lead to what you're after, but to change the fields of text, that is identified below:

  To change the formatting of the email, including fonts for users created from a portal sponsored by comments, go to guest access > comments portals > Sponsor comments Portal > Portal Page personalization > Notifications > Email received.

  Change the email to sponsor guest access portal > portals comments > Sponsor portals > Sponsor Portal > Portal Page personalization > invited to notify > Email Notification.

• Upgrade to Cisco ISE

  Hello

  I have cisco ISE 1.0, which I want to spend 1.3 ISE. According to the upgrade path, I would need to follow this process

  1.0 > 1.1 (apply the latest patch) 1.2 > 1.3

  The bundle 1.0 to 1.1 is deferred. So I think to install a new 1.3 ISE as a virtual appliance and then configure it from there. I have not too clued up on ISE so I was wondering is there a way to backup on ISE 1.0 and 1.3 restoration?

  If this is not the case, what would be the best approach?

  Thank you

  Wow 1.0 to 1.4 is a big leap in functionality. You run this in your production network?

  Authentication and authorization should continue to work that you have configured the.

  On the top of my head

  -you come on duty return to the AD domain (if you have joined in the first place). Make sure you have the credentials of the service account to do.

  -Comments and other portals have been completely redesigned. If you have made any customizations, you're probably better it demolition and reconstruction by using the new tools of the portal generator.

  -Depending on whether you have advanced Base 1.0 licenses will take you through basic or Apex with 1.3 / 1.4.

  -ISE has a ton of other features that may or may not apply in your environment.

• Is it possible to map a promoter group in Cisco ISE to a group of users in Active Directory, using a RADIUS server?

  Hello!!

  We are working on a mapping between a promoter Cisco ISE group and a user group in Active Directory, but the customer wants the mapping through a RADIUS SERVER, to avoid the ISE by querying directly activate Directory.

  I know it is possible to use a RADIUS SERVER as source of external identity for ISE... but, is possible to use this RADIUS SERVER for this sponsor group manages?

  Thank you and best regards!

  Hi Rodrigo,

  The answer is no. There is no way to integrate the portal Sponsor config with a RADIUS server. Your DB for authentication Portal Sponsor options;

  AD
  LDAP
  User internal ISE DB

  Sent by Cisco Support technique iPhone App

• Cisco ISE (Identity Services Engine) - seeds SGA device?

  Hello

  We have a LAB with Cisco ISE, certificates and list DACL. Everything works fine with the 1.1.1 version but now we want to use the functionality of CMS - SGT instead of the ACL and we found that we need seed for this device and the only device that takes in charge the Nexus 7000 is. Is this true? What is the only way that we can use LMS - SGT? Are there plans that any other device will be used to seed device?

  BR, Marko

  The device of seed set as first device that communicates with the ISE. It must be a link.

  http://www.Cisco.com/en/us/docs/solutions/enterprise/security/TrustSec_2.0/trustsec_2.0_dig.PDF

  In addition the Nexus needs a license of Advanced Services installed in order to support the Trustsec.

  I can't comment on any future plans.

• Group of endpoint Cisco ISE 1.4 hotspot

  Patch 1.4 Cisco ISE 6

  Cisco WLC 8.0.121

  Setup

  the WLC has a named Hotspot SSID. It uses mac auth with radius of the NAC to redirect to the Hotspot portal of reviews on the ISE.

  drops flexconnect users in vlan 401 (with preAuthAcl), after the PSU, it is initially a COA to move users to VLANs 413 with permitInternetAcl

  Description of the problem:

  users connect to the SSID of the access point and get an IP address valid in vlan 401

  redirected to the page of the hotspot on the ISE with a PSU and the PIN code request.

  are they disconnect from the network and reconnect, the ISE sends a certificate of authenticity to move to 413 without the Hotspot portal.

  what I've noticed, is that as soon as users get the redirect of the original Web page, they are moved to the endpoint group defined in the hotspot portal.

  What I've read about this behavior makes me understand that it is a default behavior, but if that's the case then I'm not sure on how I can make my font to check if the PSU has been accepted.

  Thank you

  Maarten

  Portal.PNG

  

  Policy.PNG

  

  Profile.PNG

  

  Cisco WLC 8.2.100

  Patch 1.4 ISE 6

  Similar Hotspot ISE installation, of similar rules except change VLAN. I have observed the same behavior.

  This configuration was working on patch 5.

  Update:

  I found a solution based on the following bug. Use the following attribute in the authorization rule. The success page remains but no Instant Internet access is available using this workaround solution.

  https://Tools.Cisco.com/bugsearch/bug/CSCux22558/?referring_site=bugquic...

  ' Workaround:
  "Use the LEAST 24 endpoints: LastAUPAcceptanceHours for example (means PUA agreed less than 24 hours ago).

• Cisco Ise 1.3 with Flex to connect wireless supported function

  Hello

  My environment is formed ROUND of flex-mode connection wireless and cisco Ise 1.3, these features are supported?
  Basic functions of the AAA
  profiling
  posturing
  Substitution VLAN
  Substitution of the ACL
  Comments commissioning

  TrustSec 2.0 this MDC is not supported? someone try this feature?

  These all work with ISE 1.3 and FlexConnect WLAN.

  You need the right license ISE - the type of mobility (wireless) license will cover everything. If you have wired and wireless, then you must have basic (for most features) + more (for profiling) + Apex (for Posturing).