https://community.cisco.com/t5/network-access-control/ise-and-central-web-authentication/m-p/1890790#M208968 <P>Hello all,</P><P></P><P>I have followed the steps in this document in detail:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml" target="_blank">http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml</A></P><P></P><P>however, my central authentication does not work. I get to the guest portal, i get authenticated through the guest portal,</P><P>but then the "second" MAB authenticatino doesn't happen.</P><P>In the last screencapture of the document, you get a green "Dynamic Authorization" line (third line from below). On my system</P><P>this is a red line with the error message "11213 No response received from Network Access Device".</P><P>(i have a successfull guest authentication in my ise logs, but it seems ise is unable to bounce or initiate the second MAB....)</P><P></P><P>Any ideas ?</P><P></P><P>regards,</P><P>Geert</P> Mon, 11 Mar 2019 01:52:30 GMT gnijs 2019-03-11T01:52:30Z https://community.cisco.com/t5/network-access-control/ise-and-central-web-authentication/m-p/1890790#M208968 <P>Hello all,</P><P></P><P>I have followed the steps in this document in detail:</P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml" target="_blank">http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080ba6514.shtml</A></P><P></P><P>however, my central authentication does not work. I get to the guest portal, i get authenticated through the guest portal,</P><P>but then the "second" MAB authenticatino doesn't happen.</P><P>In the last screencapture of the document, you get a green "Dynamic Authorization" line (third line from below). On my system</P><P>this is a red line with the error message "11213 No response received from Network Access Device".</P><P>(i have a successfull guest authentication in my ise logs, but it seems ise is unable to bounce or initiate the second MAB....)</P><P></P><P>Any ideas ?</P><P></P><P>regards,</P><P>Geert</P> Mon, 11 Mar 2019 01:52:30 GMT https://community.cisco.com/t5/network-access-control/ise-and-central-web-authentication/m-p/1890790#M208968 gnijs 2019-03-11T01:52:30Z https://community.cisco.com/t5/network-access-control/ise-and-central-web-authentication/m-p/1890791#M208970 <HTML><HEAD></HEAD><BODY><P>Ok, so it seems i was missing the CoA configuration:</P><P></P><P>After adding</P><P></P><P>aaa server radius dynamic-author</P><P> client <ISEIP> server-key <ISE radius-key=""></ISE></ISEIP></P><P></P><P></P><P>it worked....</P></BODY></HTML> Mon, 05 Mar 2012 16:36:47 GMT https://community.cisco.com/t5/network-access-control/ise-and-central-web-authentication/m-p/1890791#M208970 gnijs 2012-03-05T16:36:47Z https://community.cisco.com/t5/network-access-control/ise-and-central-web-authentication/m-p/1890792#M208972 <HTML><HEAD></HEAD><BODY><P>By the way, i feel the document example is a bit too general. For example, if you implement the document, ISE will do web authentication and redirection even when you are using a 802.1X client and are authenticated (and you have no other rules in your Autorization sequence table)</P><P>I managed to prevent this by adding an additional condition to the first rule "MAC not known" that has the CentralWebAuth policy. Only do webautentication if MAC not known AND Wired_MAB is being used.</P></BODY></HTML> Thu, 08 Mar 2012 13:59:08 GMT https://community.cisco.com/t5/network-access-control/ise-and-central-web-authentication/m-p/1890792#M208972 gnijs 2012-03-08T13:59:08Z