Cisco ISE, who created a ticket in portal sponsor

Hi I was wondering how do I see who created a guest in ISE of Cisco user ticket by using the Developer Portal without checking the logs of the system you have to download.

Is there a better way to do it?

Kind regards

operations > reports > endpoints and users > sponsor comments summary

The summary of Sponsor comments report displays all users comments created by each sponsor. Click on a sponsor's name to view information about guest users.

Tags: Cisco Security

Similar Questions

  • Cisco ISE comments Sponsor Isssue Portal

    Hi all

    We have insatalled 5 boxes of ise 3315 IOS 1.0.4 in our network where in two of them are admin node, two services strategy and has a node mnt. We using sponsor portal for guest user wirless comments where we integrated WLC 5508 with ise and using weblogin for guest users.

    We have created open ssid wlc and external aid redirected url to ise for the login page of comments.

    But when we create a guest in the sponsor for guest user connection, user that we faced after publication

    (1) when guest user gets connected to WiFi and connect to the portal of comments with credentials after putting the credentials then his new redirect to the same login page

    wihout invites successful connection.

    Can us guest login successful after comments connect to the portal of reviews or redirect any other link as google.com for guest user will be done the knowledge he is able to access the internet now

    (2) we have appointed time profile 8hours first user login guest. When the guest user gets connected while putting in credentials on the portal of comments.

    But we are facing problem after about 20 mins enhanced disconnects Internet and comments again Gets the login page of the portal of the guest and if we put the same credentials, then his work but after about 20 min interval disconnected Internet user.

    Can someone help me resolved on observation about covers them cisco ise comments sponsor Portal

    Thank you & best regards

    Pranav Gade

    Pranav your answers are online,

    (1) when guest user gets connected to WiFi and connect to the portal of comments with credentials after putting the credentials then his new redirect to the same login page

    wihout invites successful connection. When you use CWA (Central web authentication) there is no way we can redirect users by using the redirect url because it will always redirect users for each time they start a web request. There is no other cost functionality that will remove this condition because they have already been authenticated.  Here is a guide that explains the user experience when using web Central auth -

    http://www.Cisco.com/en/us/docs/security/ISE/1.1.1/user_guide/ise_guest_pol.html#wp1296954

    Can us guest login successful after login guest Portal comments or redirect any other link as google.com for guest user will be acquainted with it is able to access the internet now This is not possible, you can change the verbage and force the AUP to be displayed to users informing them that they can start their web request after hitting the button I accept.

    Here's to justify it experience, once users go through the process of reviews-

    http://www.Cisco.com/en/us/products/ps11640/products_configuration_example09186a0080ba6514.shtml#final

    (2) we have appointed time profile 8hours first user login guest. When the guest user gets connected while putting in credentials on the portal of comments.

    But we are facing problem after about 20 mins enhanced disconnects Internet and comments again Gets the login page of the portal of the guest and if we put the same credentials, then his work but after about 20 min interval disconnected Internet user. Check advance timer on your SSID you can be hitting the session on the WLC timeout. Please disable this option and let the functionality of COA ISE at expiration of the user on the controller sessions of.

    Thank you

    Tarik Admani
    * Please note the useful messages *.

  • Change the URL redirection in Cisco ISE 2.1.0 comments Portal CWA

    Hello

    I've set up a guest Portal CWA with WLC 5508 8.0.133.0 and ISE 2.1.0.

    I did all the rules both Authenticatin and authorization, and I also see customers hit the rules of law. The rule of being redirects the client to a captive portal in ISE like this: cisco-av-pair = redirect url =https://ip:port/Portal/Gateway? sessionId = SessionIdValue & Portal = d30c7eb0...

    I have 3 different customer portals for each SSID and everything works fine.

    The problem is that, when the wireless client receives the URL ISE redictect (URL to access the portal of ISE comments), this URL is based on ISE DNS name, not on its IP address. My ISE FULL domain name is iselab01.example.local and the certificate indicating that the portal comments field is example.local.

    Now I was asked to create a new portal of comments but this time I have the certificate belongs to the domain example.org and need to redirect to this new portal comments use this new domain.

    I tried to code, in the authorization profile CWA, redirection to equivalent URL through the CISCO av pair as follows:

    Cisco-av-pair = redirect url =https://iselab01.example.org:8443/Portal/Gateway? sessionId = SessionIdValu...

    but it does not work, since the sessionIdValue is not replaced with its actual value when sending to the wireless client.

    Is it possible to change the URL for redirection of ISE somewhere just for a portal of comments?

    Best regards

    Simply use the automatic CWA parameter in the authz profile, rather than enter the cisco-av-pair yourself, you will find that you can change the part of the FQDN of the url, if the session ID is kept intact.

  • Cisco ISE comments Portal - DNS problem - External area

    Hello

    I have a client that has the following sceanrio:

    In a wireless deployment and deployment Cisco ISE 1.1.3 with CWA, when the wireless client receives the URL ISE redictect (URL to access the portal of ISE comments), this URL is based on the ISE DNS name, not on its IP address. Thus, the PC cannot solve this problem by DNS name because there is no DNS in the external area (for the guets) or by using the addresses of servers DNS ISP provided by the DHCP server, and therefore it cannot access the portal comments at all;

    I know that in an attempt to manually code the IP address - it doesn't (IE in the authorization profile CWA, the equivalent URL redirection via the pair av CISCO as follows:)

    Cisco-AV-Paire = redirect url =https://10.10.10.10:8443/guestportal/gateway? sessionId = sessionIdValue & action = cwa,)

    given that the sessionIdValue variable is not replaced by its real value when sending to the wireless client)

    My question is: this question has been addressed in version 1.2 of Cisco of ISE - has anyone tried it if has been processed? If not in Cisco 1.2 - does anyone know iof this feature will become available?

    Thanks in advance for your answers.

    Robert C.

    Robert,

    Manual assignment has been made available in version 1.2 of the ISE.

    M.

  • Cisco ise license command

    I have a question

    1. is it possible to install the Cisco ISE software on the server machine to physical HP (without solution VMware or without the use of SNS-3415-k9 cisco device)?

    2. for 2500 users online, I'll order L-ISE-BSE-2550, L-ISE-PLS-S-2500 and L-ISE-APX-S-2500 of basis, more and apex licenses. My question is HA (primary and secondary) application I need 2 licenses for each? (2 * L - ISE - BSE - 2550, 2 * L - ISE - PLS - S - 2500 and 2 * L - ISE - APX - S - 2500)

    or just a license for each is enough?

    3. If I implement Cisco ISE and HA on VMware environment, can I 2 L-ISE-VM-K9 licenses for each VM machines? and also I need 2 licenses for each basic, plus, and at the apex?

    4. What is smart net Cisco and Cisco SASU? need to buy these for support and ticketing system?

    5. What is license for cisco anyconnect (L-AC-APX-1 year-G)?

    thnx in adv.

    You can install ISE on a HP ONLY Server if you are using software virtualization (VMware or KVM).

    The Guide of Installation of ISE sets out three options:

    1 hardware appliance from cisco SNS

    2. virtual machine VMware

    3 Linux KVM.

    The AnyConnect license is required to qualify with the features of the Apex. It is not installed on the ISE server, however.

  • Cisco ISE 1.1.2.145 Admin authentication via the LDAP protocol

    I have configured the LDAP protocol and able to retrieve our LDAP directory structure. Now, I'm trying to point authentication "Admin Access" Source 'External identity', which is the new LDAP IS I created. But I couldn't find an option to authenticate locally if for some reason the LDAP configuration does not work. I learned that the ISE can automatically return to local auth as external sources Idenitity are inaccessible. How can I test the LDAP authentication with breaking them our Admin Access? I thought to open two parallel sessions, one with Super Admin account Local and one with the domain account. But I noticed that ISE communication is smart enough for the closing session/connection no matter what other sessions in different browsers so, basically, I can't open two parallel sessions the same machine to test. Suggestions? or am I missing something here?

    Thanks in advance.

    Hi Srinivas,

    Even if you configure LDAP as a source of external identity of admin access, you can always internal relief without having locked. According to the ISE user guide:

    During the operation, Cisco ISE is designed to "fall back" and try to perform the internal identity database authentication, if the communication with the external identity store has not been established, or if it fails. In addition, whenever an administrator for which you have configured external authentication launches a browser and initiates a logon session, the administrator must still the option authentication of demand through the local Cisco ISE database by choosing 'Internal' to the Selector drop-down storage of identity in the Connect dialog box.

    http://www.Cisco.com/en/us/docs/security/ISE/1.1/user_guide/ise_man_identities.html#wp1351543

    Please see the attached screenshot by my lab ISE:

    I configured the admin authentication against AD, but I still see both 'Internal' and 'AD' at the time of the connection.

    I hope this helps.

    Thank you

    Aastha

  • Cisco ISE and Meraki RADIUS

    I am very new to Cisco ISE and Meraki.  I try to get the Radius configuration for wireless authentication.  When I do a test of the Meraki to ISE, it passes.

    When I try to connect from my laptop, I look at the logs of the Radius and it passes; However, it does not connect me to good policy.  I keep hitting the default policy.  I have my Meraki police above the default policy in the strategy defined in article.  I have attached what looks like my strategy game.

    Devices does not really matter. Here is what I see when I create a device group (where you add the access point to this group), and then create the condition:

    And here is where I create the condition of strategy game and you should be able to select the Meraki access points:

    This will give you the condition similar to what I posted above. This is perhaps why you aren't hit that is not matching the condition for this game.

  • Group of endpoint Cisco ISE 1.4 hotspot

    Patch 1.4 Cisco ISE 6

    Cisco WLC 8.0.121

    Setup

    the WLC has a named Hotspot SSID. It uses mac auth with radius of the NAC to redirect to the Hotspot portal of reviews on the ISE.

    drops flexconnect users in vlan 401 (with preAuthAcl), after the PSU, it is initially a COA to move users to VLANs 413 with permitInternetAcl

    Description of the problem:

    users connect to the SSID of the access point and get an IP address valid in vlan 401

    redirected to the page of the hotspot on the ISE with a PSU and the PIN code request.

    are they disconnect from the network and reconnect, the ISE sends a certificate of authenticity to move to 413 without the Hotspot portal.

    what I've noticed, is that as soon as users get the redirect of the original Web page, they are moved to the endpoint group defined in the hotspot portal.

    What I've read about this behavior makes me understand that it is a default behavior, but if that's the case then I'm not sure on how I can make my font to check if the PSU has been accepted.

    Thank you

    Maarten

    Cisco WLC 8.2.100

    Patch 1.4 ISE 6

    Similar Hotspot ISE installation, of similar rules except change VLAN. I have observed the same behavior.

    This configuration was working on patch 5.

    Update:

    I found a solution based on the following bug. Use the following attribute in the authorization rule. The success page remains but no Instant Internet access is available using this workaround solution.

    https://Tools.Cisco.com/bugsearch/bug/CSCux22558/?referring_site=bugquic...

    ' Workaround:
    "Use the LEAST 24 endpoints: LastAUPAcceptanceHours for example (means PUA agreed less than 24 hours ago).

  • Cisco ISE 1.4 comments account Backup

    I currently deploy portal free registry for comments, I now of questions you want to certify, I just want to know to anyone facing the same problem as me.

    (1) except REST API any way to export the guest account

    (2) backup of the Appendix will include the guest account or not

    (3) what deployment node 2, guest account will sync on both nodes?

    Sorry for the bad English.

    Kind regards

    Alan

    1.] I don't think - I can see a well on the same feature request

    CSCty82007    ENH: Export invited accounts set up in ISE

    2.] Yes - backup should have all guest accounts.

    [3.] the Cisco ISE guest services use distributed the Cisco ISE management system to allow several Cisco ISE nodes to work in a deployment. Configurations performed on the head node is replicated to the secondary nodes.

    ~ Jousset

  • Cisco ISE 1.3 disable "Identity Resolve" step?

    Currently, I am working for a client with a Cisco ISE 1.3 deployment.

    The Cisco access point are currently authenticated by MAB, the customer wants to improve that I proposed to implement EAP-FAST speed of the MAB for the AP for a quick and easy solution.

    I work in the test and production environment, but I was cycling through the authentication process and found something strange.

    I created a rule that if the Tunnel network protocol is EAP-FAST are authenticated by internal users.

    It works very well, the ISE recognizes the flow and internal users through authenticatie.

    15041 assessment political identity
    15048 questioned PIP - Network Access.EapAuthentication
    15048 questioned PIP - Network Access.EapTunnel
    15004 Matched rule - EAP-FAST
    15013 selected identity Source - internal users
    24210 Looking user in IDStore of internal users - >
    24212 found user in internal users IDStore
    Authentication 22037 spent

    On the way he also decided to search for the user in Active Directory.

    Given that the user has not been created in Active Directory, that it does not.

    Looking 24432 user in Active Directory - >
    Identity resolution 24325 - >
    Search 24313 of corresponding accounts at the junction - >
    24318 no corresponding account found in the forest - >
    24322 identity resolution detected no corresponding case
    Failure of the 24352 - ERROR_NO_SUCH_USER identity resolution
    24412 not found user in Active Directory - >
    15048 questioned PIP - >. ExternalGroups
    15048 questioned PIP - Network Access.EapTunnel
    15004 Matched rule - AP_EAPFAST
    15016 selected the authorization - AP_Lan profile
    11002 returned access RADIUS acceptance

    So the authentication and authorization is successful but he try's to resolve the user in active directory.

    I checked the authentication for MAB process, and here I see the same error.

    The MAC address of the device used to MAB also is added to the ISE, then authentication through internal users, authentication and authorization is successful, but ISE wants to solve the (MAC address of the device) user in Active Directory.

    We also see this step for the flow of EAP - TLS, and in this case the identity stage via resolution is successful.

    Is it possible that I can disable the resolution of identity through AD when the internal user group? (or in the world?)

    I did some research and found this (search for LDAP users)

    http://www.Cisco.com/en/us/docs/security/ISE/1.0/user_guide/ise10_man_id...

    When I look at our deployment, it is nothing configured under LDAP.

    If you have rules in your authorization rules that use ad groups that are in front of your MAB or the EAP-FAST rules, ISE will do a search to see if it needs to match this rule. Put your MAB and EAP-FAST rules about AD membership rules, and it won't do the research.

  • Upgrade to Cisco ISE

    Hello

    I have cisco ISE 1.0, which I want to spend 1.3 ISE. According to the upgrade path, I would need to follow this process

    1.0 > 1.1 (apply the latest patch) 1.2 > 1.3

    The bundle 1.0 to 1.1 is deferred. So I think to install a new 1.3 ISE as a virtual appliance and then configure it from there. I have not too clued up on ISE so I was wondering is there a way to backup on ISE 1.0 and 1.3 restoration?

    If this is not the case, what would be the best approach?

    Thank you

    Wow 1.0 to 1.4 is a big leap in functionality. You run this in your production network?

    Authentication and authorization should continue to work that you have configured the.

    On the top of my head

    -you come on duty return to the AD domain (if you have joined in the first place). Make sure you have the credentials of the service account to do.

    -Comments and other portals have been completely redesigned. If you have made any customizations, you're probably better it demolition and reconstruction by using the new tools of the portal generator.

    -Depending on whether you have advanced Base 1.0 licenses will take you through basic or Apex with 1.3 / 1.4.

    -ISE has a ton of other features that may or may not apply in your environment.

  • Cisco ISE comments settings problem

    Hi all

    I hope that it will be a miracle.

    I'm unable to remove the San Jose of positions in the settings of comments with the following error ' cannot delete locations: San Jose: location referenced by another configuration. I have attached the parameters and error of reference.

    I checked all the settings in the comments tab and deleted any reference to San Jose, except if it is referenced in the configuration wizard which I wasn't involved in where else this could be referenced and how to remove it please? It is only cosmetic, but to create guest accounts it is frustrating, as shows the San Jose location when they are in fact located in the United Kingdom. I'm under Cisco ISE version 1.3.

    Thank you

    Mark

    It's a bug

    CSCus25245
    Description
    Symptom:
    In point 1.3 of the ISE, under settings - > location and SSID, we cannot delete the default location of San Jose.

    We get the error that it is referenced by another object.

    Conditions:
    ISE 1.3 - seek to remove the default location of San Jose.

  • Question about my first payment of cisco ISE

    Hi, thanks in advance,

    It's my first time to be implemented cisco ISE 1.1.4 with Vmware Esxi v5.5

    I did so far process

    -Created NTP, DNS, AD, of course ESXI running and have link between each other, ISE is able to synchronize the time with ntp server and DNS, etc AD.

    -J' created repository for installation of application bundle - which is ise-appbundle - 1.1.4.218.i386 that I could not find any fault of the application.

    However, while I was doing installation and it said ' / opt/oracle/base/product/11.2.0/dbhome_1/bin/lsnrctl: error while loading shared libraries: libclntsh.so.11.1: cannot open shared object file: no such file or directory "."

    I already check some forums and communities, and I have no problem about synchronizing time on dns with ntp and ISE itself with ntp.

    I have no firewall between devices and no other network devices don't interfere.

    and at the end of newspapers, it comes up like this

    ########################################################################################

    ERROR: CANNOT START DB!

    Database is not available in 240 seconds Timeout.

    This could be the result of incorrect network interface configuration

    or the lack of resources on the device or the virtual computer. Please solve the problem, run the following CLI to start the database again:

    "reset - config application ise"

    ########################################################################################

    Im just lost now... Any recommendation?

    Well, it is true that the CCIE Security use ISE 1.1 as its base. So for the installation of laboratory only for this purpose, you might go with him.

    90% of the things are similar and the concepts are identical to 1.1 to 1.3. The first versions were buggy however and we recommend to all production users go with 1.3.

    A new installation of 1.14 should be OK; but you would not use the Archives of gz appbundle ISE - you need to use the new installation ISO.

    Please see screenshot below.

  • That treats the assignment do VLAN authorization Cisco ISE?

    Hello

    When I create an authorization policy in Cisco ISE, under common tasks, it is the assignment of VLANS. What makes that? Is it puts the user on this VLAN?

    Thank you.

    Yes, this will overwrite the VLAN configured on the switch port/SSID or wireless. For example, all ports can be configured to be part of VLAN 10, but you want users to finances in VLAN 20. You can use the profile of EHT permission to do exactly this.

    Thank you for evaluating useful messages!

  • Cisco ISE profiling - Split-Corporate/guest access

    Hi all

    I currently deploying a Cisco ISE for my wireless network and I would like to divide my WLAN in two different "authorisation profile": comments and Corporate.

    For now, I use my active Directory to authenticate users and profiling to authorize the device with the host name. I would like to sort by domain name with DHCP probe but I can't because there is always an answer of DHCP message with the domain given by the DHCP server, you have a solution to separate unit with domain name or other attributes?

    Thanks in advance for your answer!

    You can create different authorization profile based on the identity group they belong to, therefore, make two profiles based on two membership group (guests / corporate AD users) and assign them different access. consult the ISE 1.2 config guide.

Maybe you are looking for

  • How can I change the default word processor that Firefox open my downloads in?

    I deleted the one that I initially set (Works word processor) and cannot open documents until I change this setting to Microsoft Word. I get an error message saying "[filename] could not be opened, because the associated helper application does not e

  • Problem of RAM 667 on Satellite A200 - 14 d

    HelloSorry for my English. I have a laptop Satellite A200 - 14 d and I have 2 x 1 GB ram 667 MHz SAMSUNG. I have the processor T2350 on FSB 533 MHz. I have test my laptop by CPU - Z soft and this sweet show that my RAM operates on 266 MHz but not of

  • I spilled my trash... How to recover?

    Try to free up space on the hard drive I have emptied my trash, then realized that I had deleted some important photos.  Help!

  • XP does not start after update

    I bought two Fujisu systems used with 2.8, 512 and 40 GB. I installed xp sp3. He was successful but when I update my two computers do not start. When the "xp" logo come from. It restarts. Please help me how to solve the problem and why this happens.

  • Z3 reported no bars

    Hello First of all, I would like to say I tried searching all morning this problem in internet, but I can't find so I created this post. The problem is my z3 D6603 stop giving signals bars, I see that the Signal icon but no bar. So what I tried Resta