Hey Ahmed, this is absolutely fantastic presentation!! I hope you could do more ISE related videos, honestly, I haven't seen anyone is doing this better than you, looking forward to your excellent series. thank you so much!!!!
Yes that would if the user chooses to "forget" the SSID on his device. But normally if you think of the layman user's perspective, he isn't even gonna touch his SSID 🙂
Hello Ahmed Just Came to ur Channel Amazing Video Bro , Pls Pls we need a series on ISE 3.x for Wired/Wireless MAB and Wired/Wireless 802.1X . pls bro By The Way , ur English Accent its like a Peace to my Ear
Hi Ali, Thanks a lot! Yes I wana do that too but actually I am relocating to UAE so time is a little short. But I will keep that in mind 😊. The ear comment is a new one ❤️ Glad to know my voice quality is good.
Hi Ahmed. How can I push the POST_GUEST_ACL to a 9800 WLC? Since the 9800 WLC does not support Airspace ACL, I am not sure which field I can choose in ISE.
Amed hi. Great job on the tutorial Once the user is being redirected to a url. You get the Acceptable Use Policy message prompt right? Can we customize the message? Let’s say commercialize the home page before hitting accept or decline ? Can I say something like: Free internet for DN GUEST is brought to you by Amed (sponsored company)?
Yes you can increase or decrease the connection timeout but i don't think there is a method to warn users because the users reside on the application layer & all this happens at layer 4
Hello! I have a question. Could you please tell what you did with 2nd ACL that you have created in WLC? As I understand in Authorization policy you select 1st ACL. I'm trying to configure guest portal, the registration is okay, but there is no internet connection :/
Hi, I would need some more information. what happens when the registration process is complete? Have you enabled CoA on the radius server settings on your wlc? Do the logs show that the new authorization profile is applied to the user session?
@@doctor.networks It shows "Success. You now have Internet access through this network" Yes I have enabled CoA Here is the log : Steps 11001 Received RADIUS Access- Request 11017 RADIUS created a new session 11027 Detected Host Lookup UseCase (Service-Type = Call Check (10)) 15049 Evaluating Policy Group 15008 Evaluating Service Selection Policy 24715 ISE has not confirmed locally previous successful machine authentication for user in Active Directory 15036 Evaluating Authorization Policy 24209 Looking up Endpoint in Internal Endpoints IDStore - test111 24211 Found Endpoint in Internal Endpoints IDStore 15016 Selected Authorization Profile - Test-Author-Profile 11002 Returned RADIUS Access-Accept
Glan nice question, that is because the WLC by default sends the SSID details to ISE in a format of SSID:MAC, Mac is the ssid mac. hence we use contains. You can see how the ssid is shown in the logs of ISE
Great guide. Thank you! Thanks for all the other videos you do as well. I'm learning a lot!
You are welcome brother 👍
Hey man, your presentation was the best I saw, even better than official Cisco presentations. So please keep it up.
Thank you brother will try 🙂
Hey Ahmed, this is absolutely fantastic presentation!! I hope you could do more ISE related videos, honestly, I haven't seen anyone is doing this better than you, looking forward to your excellent series. thank you so much!!!!
You are quite welcome brother 😊. Hoping to get more time to make these videos. APPRECIATE the support
This is the best video I've ever seen. To be honest, your presentation is much better than the Cisco Authorized instructor's. Keep it up!
Glad to hear that & thank you for the appreciation 😊. I sure hope someday I can get back on this teaching track 🙂
This is a good guide. Thank you.
You are quite welcome ❤️
Great video. Thank you!
Your video is great. The concept is very clear but can you please do a video ditto like this but on WLC 9800 please since i am new to WLC 9800.
Great suggestion, will try to do so. I'm seeing a good number of request on this thing
Very informative and detailed I learned a lot, Thank you keep going
Thanks! Will keep going 🙂
Thanks for the detailed video.
You are welcome
You're explained very well 👏
Thanks mate 😊
This is a good guide, but MAC address randomisation would cause a lot of issues
Yes that would if the user chooses to "forget" the SSID on his device. But normally if you think of the layman user's perspective, he isn't even gonna touch his SSID 🙂
@@doctor.networksAre you stating that the randomized MAC only changes after forgetting a network it was initially authorized access to?
@@leejasper766 Yes exactly. you can also test that if you have any wireless setup
Hello Ahmed
Just Came to ur Channel
Amazing Video
Bro , Pls Pls we need a series on ISE 3.x for Wired/Wireless MAB and Wired/Wireless 802.1X . pls bro
By The Way , ur English Accent its like a Peace to my Ear
Hi Ali, Thanks a lot! Yes I wana do that too but actually I am relocating to UAE so time is a little short. But I will keep that in mind 😊. The ear comment is a new one ❤️ Glad to know my voice quality is good.
@@doctor.networks
Yep , Sound Tone is a Gift from God , not all has it mate
Pls do complete serious on cisco ise🥺🥺
Thank you.
Welcome
Hi Ahmed. How can I push the POST_GUEST_ACL to a 9800 WLC? Since the 9800 WLC does not support Airspace ACL, I am not sure which field I can choose in ISE.
Amed hi. Great job on the tutorial
Once the user is being redirected to a url. You get the Acceptable Use Policy message prompt right? Can we customize the message? Let’s say commercialize the home page before hitting accept or decline ?
Can I say something like:
Free internet for DN GUEST is brought to you by Amed (sponsored company)?
Yes you can, that can be done on the portal customization area.
@@doctor.networks I found it. Thanks
Can you share the context of your controller ACL.. I understand d you may have to omit the IPs for security.
No I didn't omit anything, normally you would not allow a guest to access any RFC1918 IPs. but i didn't omit any acl ebtry here
Hi, which license is required on ISE. Does this work with Essentials Subscription ?
hi is it possible to make a connection time out by 1 hour and a warning before time out
Yes you can increase or decrease the connection timeout but i don't think there is a method to warn users because the users reside on the application layer & all this happens at layer 4
Hello! I have a question. Could you please tell what you did with 2nd ACL that you have created in WLC? As I understand in Authorization policy you select 1st ACL. I'm trying to configure guest portal, the registration is okay, but there is no internet connection :/
Hi, I would need some more information. what happens when the registration process is complete? Have you enabled CoA on the radius server settings on your wlc? Do the logs show that the new authorization profile is applied to the user session?
@@doctor.networks It shows "Success. You now have Internet access through this network"
Yes I have enabled CoA
Here is the log :
Steps
11001 Received RADIUS Access- Request
11017 RADIUS created a new session
11027 Detected Host Lookup UseCase (Service-Type = Call Check (10))
15049 Evaluating Policy Group
15008 Evaluating Service Selection Policy
24715 ISE has not confirmed locally previous successful machine authentication for user in Active Directory
15036 Evaluating Authorization Policy
24209 Looking up Endpoint in Internal Endpoints IDStore - test111
24211 Found Endpoint in Internal Endpoints IDStore
15016 Selected Authorization Profile - Test-Author-Profile
11002 Returned RADIUS Access-Accept
@@orkhanhajizada8294 I will have to check. Feel free to email me on info@doctornetworks.net & I will have a webex session with you.
Hi, why did you use "contains" for guest_ssid?
Glan nice question, that is because the WLC by default sends the SSID details to ISE in a format of SSID:MAC, Mac is the ssid mac. hence we use contains. You can see how the ssid is shown in the logs of ISE
Good Vid Hope Kid ok lol
Haha thanks. Yeah he is fine 😊