Home > Cisco > Interface > Cisco Ise 13 User Guide

Cisco Ise 13 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Ise 13 User Guide. The Cisco manuals for Interface are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 801

    Page 801 Related Topics EdittheBlacklistPortal,onpage346 BlacklistPortal,onpage337 HTMLSupportfortheBlacklistPortalLanguageFile,onpage805 Portal Settings for BYOD and MDM Portals ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>BYODPortals orMDMPortals>Create,EditorDuplicate>PortalBehaviorandFlowSettings>PortalSettings. Configurethesesettingstodefineportalpageoperations. •HTTPSport—Enteraportvaluebetween8000to8999;thedefaultvalueis8443forallthedefault... 
    Related Topics
EdittheBlacklistPortal,onpage346
BlacklistPortal,onpage337
HTMLSupportfortheBlacklistPortalLanguageFile,onpage805
Portal Settings for BYOD and MDM Portals
ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>BYODPortals
orMDMPortals>Create,EditorDuplicate>PortalBehaviorandFlowSettings>PortalSettings.
Configurethesesettingstodefineportalpageoperations.
•HTTPSport—Enteraportvaluebetween8000to8999;thedefaultvalueis8443forallthedefault...

    Page 802

    Page 802 ◦TheinterfacesyouenableheremustbeavailableonallyourPSNs,includingVM-basedoneswhen PolicyServicesturnedon.ThisisrequiredbecauseanyofthesePSNscanbeusedforaredirect atthestartoftheguestsession. ◦TheportalcertificateSubjectName/AlternateSubjectNamemustresolvetotheinterfaceIP. ◦Configureiphostx.x.x.xyyy.domain.cominISECLItomapsecondaryinterfaceIPtoFQDN, whichisusedtomatchCertificateSubjectName/AlternateSubjectName. •Certificategrouptag—Pickacertificategrouptagthatspecifiesthecertificatetousefortheportal’s... 
    ◦TheinterfacesyouenableheremustbeavailableonallyourPSNs,includingVM-basedoneswhen
PolicyServicesturnedon.ThisisrequiredbecauseanyofthesePSNscanbeusedforaredirect
atthestartoftheguestsession.
◦TheportalcertificateSubjectName/AlternateSubjectNamemustresolvetotheinterfaceIP.
◦Configureiphostx.x.x.xyyy.domain.cominISECLItomapsecondaryinterfaceIPtoFQDN,
whichisusedtomatchCertificateSubjectName/AlternateSubjectName.
•Certificategrouptag—Pickacertificategrouptagthatspecifiesthecertificatetousefortheportal’s...

    Page 803

    Page 803 Usage GuidelinesField Displayyourcompany’snetwork-usagetermsand conditions,eitherastextonthepagecurrentlybeing displayedfortheuserorasalinkthatopensanew taborwindowwithAUPtext. IncludeanAUP(onpage/aslink) RequireuserstoacceptanAUPbeforetheiraccount isfullyenabled.TheLoginbuttonisnotenabled unlesstheuseracceptstheAUP.Ifusersdonotaccept theAUP,theywillnotobtainnetworkaccess. Requireacceptance ThisoptiondisplaysonlyifIncludeanAUPonpage isenabled. EnsurethattheuserhasreadtheAUPcompletely.... 
    Usage GuidelinesField
Displayyourcompany’snetwork-usagetermsand
conditions,eitherastextonthepagecurrentlybeing
displayedfortheuserorasalinkthatopensanew
taborwindowwithAUPtext.
IncludeanAUP(onpage/aslink)
RequireuserstoacceptanAUPbeforetheiraccount
isfullyenabled.TheLoginbuttonisnotenabled
unlesstheuseracceptstheAUP.Ifusersdonotaccept
theAUP,theywillnotobtainnetworkaccess.
Requireacceptance
ThisoptiondisplaysonlyifIncludeanAUPonpage
isenabled.
EnsurethattheuserhasreadtheAUPcompletely....

    Page 804

    Page 804 IfyouredirectaGuesttoanexternalURLafterauthentication,theremaybeadelaywhiletheURLaddress isresolvedandthesessionisredirected. Note Related Topics BringYourOwnDevicePortal,onpage337 CreateaBYODPortal,onpage348 HTMLSupportforBringYourOwnDevicePortalsLanguageFiles,onpage805 Portal Settings for Client Provisioning Portals ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>ClientProvisioning Portals>Create,EditorDuplicate>PortalBehaviorandFlowSettings>PortalSettings.... 
    IfyouredirectaGuesttoanexternalURLafterauthentication,theremaybeadelaywhiletheURLaddress
isresolvedandthesessionisredirected.
Note
Related Topics
BringYourOwnDevicePortal,onpage337
CreateaBYODPortal,onpage348
HTMLSupportforBringYourOwnDevicePortalsLanguageFiles,onpage805
Portal Settings for Client Provisioning Portals
ThenavigationpathforthesesettingsisAdministration>DevicePortalManagement>ClientProvisioning
Portals>Create,EditorDuplicate>PortalBehaviorandFlowSettings>PortalSettings....

    Page 805

    Page 805 TheseinterfacesmustbeavailableonallthePSNs,includingVM-basedones,thathavePolicyServices turnedon.ThisisarequirementbecauseanyofthesePSNscanbeusedfortheredirectatthestartof theguestsession. ◦TheEthernetinterfacesmustuseIPaddressesondifferentsubnets. ◦TheinterfacesyouenableheremustbeavailableonallyourPSNs,includingVM-basedoneswhen PolicyServicesturnedon.ThisisrequiredbecauseanyofthesePSNscanbeusedforaredirect atthestartoftheguestsession.... 
    TheseinterfacesmustbeavailableonallthePSNs,includingVM-basedones,thathavePolicyServices
turnedon.ThisisarequirementbecauseanyofthesePSNscanbeusedfortheredirectatthestartof
theguestsession.
◦TheEthernetinterfacesmustuseIPaddressesondifferentsubnets.
◦TheinterfacesyouenableheremustbeavailableonallyourPSNs,includingVM-basedoneswhen
PolicyServicesturnedon.ThisisrequiredbecauseanyofthesePSNscanbeusedforaredirect
atthestartoftheguestsession....

    Page 806

    Page 806 UsethesesettingstoenableMobileDeviceManagement(MDM)functionalityforemployeesusingtheMDM portalsanddefinetheirAUPexperience. Usage GuidelinesField Displayyourcompany’snetwork-usagetermsand conditions,eitherastextonthepagecurrentlybeing displayedfortheuserorasalinkthatopensanew taborwindowwithAUPtext. IncludeanAUP(onpage/aslink) RequireuserstoacceptanAUPbeforetheiraccount isfullyenabled.TheLoginbuttonisnotenabled unlesstheuseracceptstheAUP.Ifusersdonotaccept theAUP,theywillnotobtainnetworkaccess.... 
    UsethesesettingstoenableMobileDeviceManagement(MDM)functionalityforemployeesusingtheMDM
portalsanddefinetheirAUPexperience.
Usage GuidelinesField
Displayyourcompany’snetwork-usagetermsand
conditions,eitherastextonthepagecurrentlybeing
displayedfortheuserorasalinkthatopensanew
taborwindowwithAUPtext.
IncludeanAUP(onpage/aslink)
RequireuserstoacceptanAUPbeforetheiraccount
isfullyenabled.TheLoginbuttonisnotenabled
unlesstheuseracceptstheAUP.Ifusersdonotaccept
theAUP,theywillnotobtainnetworkaccess....

    Page 807

    Page 807 ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:Port8445, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface1,CertificategroupAandBlacklistportal:Port8444, Interface0,CertificategroupB. ◦Invalidcombinationsinclude: ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:8443, Interface0,CertificategroupB. ◦Sponsorportal:Port8444,Interface0,CertificatetagAandBlacklistportal:Port8444, Interface0,CertificategroupA.... 
    ◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:Port8445,
Interface0,CertificategroupB.
◦Sponsorportal:Port8444,Interface1,CertificategroupAandBlacklistportal:Port8444,
Interface0,CertificategroupB.
◦Invalidcombinationsinclude:
◦Sponsorportal:Port8443,Interface0,CertificategroupAandMyDevicesportal:8443,
Interface0,CertificategroupB.
◦Sponsorportal:Port8444,Interface0,CertificatetagAandBlacklistportal:Port8444,
Interface0,CertificategroupA....

    Page 808

    Page 808 CiscoISEincludesadefaultsponsorIdentitySourceSequenceforsponsorportals, Sponsor_Portal_Sequence. ToconfigureanIdentitySourceSequence,chooseAdministration>IdentityManagement>Identity SourceSequences. •Endpointidentitygroup—Chooseanendpointidentitygrouptotrackguestdevices.CiscoISEprovides theGuestEndpointsendpointidentitygrouptouseasadefault.Youcanalsocreatemoreendpoint identitygroupsifyouchoosetonotusethedefault. Chooseanendpointidentitygrouptotrackemployeedevices.CiscoISEprovidestheRegisteredDevices... 
    CiscoISEincludesadefaultsponsorIdentitySourceSequenceforsponsorportals,
Sponsor_Portal_Sequence.
ToconfigureanIdentitySourceSequence,chooseAdministration>IdentityManagement>Identity
SourceSequences.
•Endpointidentitygroup—Chooseanendpointidentitygrouptotrackguestdevices.CiscoISEprovides
theGuestEndpointsendpointidentitygrouptouseasadefault.Youcanalsocreatemoreendpoint
identitygroupsifyouchoosetonotusethedefault.
Chooseanendpointidentitygrouptotrackemployeedevices.CiscoISEprovidestheRegisteredDevices...

    Page 809

    Page 809 •Maximumfailedloginattemptsbeforeratelimiting—Specifythenumberoffailedloginattempts fromasinglebrowsersessionbeforeCiscoISEstartstothrottlethataccount.Thisdoesnotcausean accountlockout.ThethrottledrateisconfiguredinTimebetweenloginattemptswhenratelimiting. •IncludeanAUP—Addaacceptableusepolicypagetotheflow.YoucanaddtheAUPtothepage,or linktoanotherpage.Addingthischangesthepictureoftheflowontheright. ◦requireacceptance—ForcetheusertoagreetotheAUPbeforecontinuingtheflow. • Related Topics... 
    •Maximumfailedloginattemptsbeforeratelimiting—Specifythenumberoffailedloginattempts
fromasinglebrowsersessionbeforeCiscoISEstartstothrottlethataccount.Thisdoesnotcausean
accountlockout.ThethrottledrateisconfiguredinTimebetweenloginattemptswhenratelimiting.
•IncludeanAUP—Addaacceptableusepolicypagetotheflow.YoucanaddtheAUPtothepage,or
linktoanotherpage.Addingthischangesthepictureoftheflowontheright.
◦requireacceptance—ForcetheusertoagreetotheAUPbeforecontinuingtheflow.
•
Related Topics...

    Page 810

    Page 810 Usethissettingtonotifyusers(guests,sponsorsoremployeesasapplicable)ofadditionalinformationafter theyloginsuccessfully. Usage GuidelinesField Displayadditionalinformationaftertheusers successfullyloginandbeforetheyaregranted networkaccess. IncludeaPost-LoginBannerpage Related Topics MyDevicesPortal,onpage338 CreateaMyDevicesPortal,onpage352 Employee Change Password Settings for My Devices Portals ThenavigationpathforthispageisAdministration>DevicePortalManagement>MyDevicesPortals... 
    Usethissettingtonotifyusers(guests,sponsorsoremployeesasapplicable)ofadditionalinformationafter
theyloginsuccessfully.
Usage GuidelinesField
Displayadditionalinformationaftertheusers
successfullyloginandbeforetheyaregranted
networkaccess.
IncludeaPost-LoginBannerpage
Related Topics
MyDevicesPortal,onpage338
CreateaMyDevicesPortal,onpage352
Employee Change Password Settings for My Devices Portals
ThenavigationpathforthispageisAdministration>DevicePortalManagement>MyDevicesPortals...
    Start reading Cisco Ise 13 User Guide

    Related Manuals for Cisco Ise 13 User Guide

    All Cisco manuals