Guest

Preview Tool

Cisco Bug: CSCus46754 - DOC ISE 1.3 HotSpot flows CoA changes

Last Modified

Jun 09, 2016

Products (1)

  • Cisco Identity Services Engine (ISE) 3300 Series Appliances

Known Affected Releases

1.3(0.876)

Description (partial)

Symptom:
Customers upgrading from 1.2 who had DRW working with a Network UseCase = Guest Flow as a policy  will no longer hit this condition in 1.3 since CoA sent after the customer hits accept will be Admin Reset and not Re-authenticate. 
This causes the endpoint to hit a  loop  since the new session ID is different from the initial redirect and UseCase flag won't be there for the endpoint.

Also clients  having a  preferred notwork ( production SSID)  will attempt   to connect to the preferred SSID after the Admin-Reset CoA  is sent.  

Client experience:

* Connect to the hotspot and register device. 
* Admin Reset CoA is sent. 
* WLC de-authenticates the client. 
* Client connects to preferred SSID instead of reconnecting to HotSpot SSID.

Conditions:
1.3 deployment . 
HotSpot portal configured.
Under Authz policies something similar to:
   * NetworkAccess UseCase = GuestFlow  then PermitAccess. 
   * Wireless MAB then Hotspot Redirect.
Under this setup, the endpoint will hit a  loop since it is impossible to hit UseCase=GuestFlow
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.