Configure ISE Guest Short Time Hotspot Access then Require Registration

Available Languages

Updated:May 25, 2016
Document ID:213319

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes how to configure Identity Service Engine for time-limited hotspot access followed by access based on guest self registration.

Information in this document was tested on the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Cisco Identity Service Engine (ISE)
  • Cisco Wireless Controller (WLC)
  • Guest component in Cisco Identity Service Engine

Components Used

The information in this document is based on these software and hardware versions:

  • Cisco Identity Service Enginer version 1.4 patch 6
  • Cisco Wireless Controller 8.0.100.0
  • LG3 Smartphone with Android 5.0

Configure

Step 1. Configure WLC 

WLC configuration for guest access is described in article: Configure WLC for Central Web Authentication.

Step 2. Configure ISE

1. Configure endpoint identity group 15MinAccessGroup that is used for endpoints that get 15 minutes of free, unregistered access.

2. Create two self-registration guest portals:

  • Hotspot 15 min access - this is customized self-registered guest portal that provides 15 min of unregistered access
  • Self-Registered Guest Portal - this is default self-registered guest portal

3. Create three authorization profiles:

  • RedirectHotSpot - authorization profile that redirects to Hotspot 15 min access portal

  • RedirectSelfReg - authorization profile that redirects to Self-Registered Guest Portal

  • PermitAccess15minutes - authorization profile that returns permit access and sets reauthentication timer to 15 minutes

4. Configure authorization rules.

Step 3. Customize Guest Portal 

1. Navigate to configuration of Hotspot 15 min access self-registered guest portal.

2. In Self-Registration Page Settings select guest type 15MinAccessGuest.

3. In Self-Registration Success Settings select Allow guests to log in directly from the Self-Registration Success page checkbox.

4. In Post-Login Banner Page Settings unselect Include a Post-Login Banner page checkbox.

5. Navigate to Portal Page Customization.

6. Navigate to Login Tab and Optional Content 2. Toggle source and paste script below to text field. Toggle back source and save config.

<script>
jQuery('.cisco-ise-scriptable').append("<div class='ui-submit ui-btn ui-shadow'><input type='submit' value='Get Access' class='hotspot-btn'/></div>");
jQuery('.cisco-ise-login-text').hide();
jQuery('.cisco-ise-scriptable').find('#ui_login_instruction_message').remove();
jQuery('.cisco-ise-scriptable').find('#ui_login_content_label').html('Hotspot');
jQuery('.hotspot-btn').on('click', function(evt){
evt.preventDefault();
jQuery("#ui_login_self_reg_button").trigger('click');
});
</script>

7. Navigate to Self-Registration Tab and Optional Content 2. Toggle source and paste script below to text field.Toggle back source and save config.

<script>
jQuery('#page-self-registration').hide();
setTimeout(function(){
jQuery('#ui_self_reg_submit_button').trigger('click');
}, 100);
</script>

8. Navigate to Self-Registration Success Tab and Optional Content 2. Toggle source and paste script below to text field.Toggle back source and save config.

<script>
jQuery('#page-self-registration-results').hide();
jQuery('#ui_self_reg_results_submit_button').trigger('click');
</script>

Verify

 You can now connect your test device to WLAN and test functionality. Expected behavior is that you are redirected to Hotspot portal and after 15 minutes you are redirected to self-registration portal and provided login details.

Below are operation logs from single flow:

At first, guest user is redirected to portal modified with javascript snippets. Javascript code hides part of the portal and creates user with random username ('m' in this example) and password. This user is logged in automatically and his device is registered in 15MinAccessGroup endpoint group. After time specified in reauthentication field in one of authorization profiles, user is redirected to second (not modified) self-registred guest portal, where he can created an account.

Troubleshoot

1. No change in the guest portal is visible. Please ensure that the changes are applied for the specific languages in use.

TAC Authored

Contributed by Cisco Engineers

  • Piotr Borowiec

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products