Radius Access-Accept to the NAD is the MAC address.This results in a few issues, please reach out to the ISE Product Managers at or (for cisco employees only) to request this be addressed: The problem with scenario 2 is that ISE didn't correlate the user's username that was used during Portal login with the MAC address. This is the so-called "Remember Me" feature. If ISE recognises the MAC address in a 'Guest' Identity Group then the Authorization happens accordingly and no Portal is presented.If Login was successful then MAC address is added to the appropriate Guest Identity Group. If ISE doesn't recognise this MAC address in a 'Guest' Identity Group, then redirect user to the Guest Portal.if the Network Access Device doesn't already have a session for that user's MAC address, then the WLC sends the client's MAC address to ISE and two possible scenarios exist In the case of Guest Access on Wired or wireless.
ENDPOINT PROTECTION FOR MAC 2.3 LICENSE
See post - ISE Guest flow with guest user type license required
ENDPOINT PROTECTION FOR MAC 2.3 PLUS
For more information reach out to the wireless team.ĬSCvp16734 - Plus Licenses Consumed without Plus Features The issue with this is memory is consumed and pinned up while these session are sleeping so you don't want to do with too many clients or for a long period of time. My device goes to sleep and then I unlock it again and connect as long as its within the timeout i don't need to be redirected again. I connect to the network, login to the portal and get access. This will pin up the wireless session so that a device keeps same authorization for a set period of time. For example. If you have any needs please bring up through the TAC for patching in prior releases and they will be evaluated if available.Īnother option of remembering the guest is to use sleeping client feature on the WLC. We are working on these in ISE 2.3-2.5 and hope to backport them as well as far back as we can.
Basically pointing a guest endpoint into an endpoint group and granting access for a set number of days until their endpoint is purged and have to go through Credentialed portal again.
ISE 2.3 brings a new functionality that is very useful for troubleshooting and monitoring the Guest flow around Guest Remember Me functionality.