https://community.cisco.com/t5/network-access-control/cwa-redirection-not-working/m-p/3811684#M484715 <P>Hi , i have same problems with my 5508 ,and i downgrade the code because withe latest code noone from guest take ip address ,there was not even authentication log in ISE and in WLC the client was with ip address 0.0.0.0&nbsp;&nbsp; . Witch version of code you use ? And again this was only for guest network all other networks like corporate WPA2 etc working as expected . I resolve with downgrade the code but there was 1 more way to add PSK for guest it will allow you clients to take ip address .</P> Thu, 28 Feb 2019 12:30:40 GMT ognyan.totev 2019-02-28T12:30:40Z https://community.cisco.com/t5/network-access-control/cwa-redirection-not-working/m-p/3811543#M484713 <P>Hi Team,</P> <P>&nbsp;</P> <P>Hope you all are doing good</P> <P>I am working on wireless guest access ( Sponsor Base ).</P> <P>I have WLC 5508, 3560 SW, 1702i AP, ISE 2.4</P> <P>&nbsp;</P> <P>Problem Description : Earlier i was getting connect on Guest SSID but redirection was not happening, Now i am not able to connect on Guest SSID</P> <P>&nbsp;</P> <P>When i checked on ISE there is no logs/hits on live logs</P> <P>&nbsp;</P> <P>On WLC i checked and found that device is not getting the IP addr so what i did i amanually put the IP addr but it also didn't work, i meant no connectivity.</P> <P>&nbsp;</P> <P>Attaching screen shots for reference.</P> <P>&nbsp;</P> <P>Please help me on this, Appreciate prompt response.</P> Thu, 28 Feb 2019 09:27:32 GMT https://community.cisco.com/t5/network-access-control/cwa-redirection-not-working/m-p/3811543#M484713 sajid231088 2019-02-28T09:27:32Z https://community.cisco.com/t5/network-access-control/cwa-redirection-not-working/m-p/3811684#M484715 <P>Hi , i have same problems with my 5508 ,and i downgrade the code because withe latest code noone from guest take ip address ,there was not even authentication log in ISE and in WLC the client was with ip address 0.0.0.0&nbsp;&nbsp; . Witch version of code you use ? And again this was only for guest network all other networks like corporate WPA2 etc working as expected . I resolve with downgrade the code but there was 1 more way to add PSK for guest it will allow you clients to take ip address .</P> Thu, 28 Feb 2019 12:30:40 GMT https://community.cisco.com/t5/network-access-control/cwa-redirection-not-working/m-p/3811684#M484715 ognyan.totev 2019-02-28T12:30:40Z https://community.cisco.com/t5/network-access-control/cwa-redirection-not-working/m-p/3811742#M484717 You ACL should look something along these lines:<BR /><BR />Extended IP access list ACL_WEBAUTH_REDIRECT<BR />10 deny ip any host &lt;ISE SERVER&gt; log<BR />20 deny ip any host &lt;ISE SERVER&gt; log<BR />30 permit tcp any any eq www log<BR />40 permit tcp any any eq 443 log<BR />50 permit tcp any any eq 8443 log<BR />60 deny udp any any eq domain log<BR />70 deny udp any eq bootpc any eq bootps log<BR /><BR />Based on my experience with posture assessment &amp; guest portal redirects the logic is backwards. For example:<BR />10 deny ip any host &lt;ISE SERVER&gt; log -- This is actually allowing connectivity to your ISE server.<BR /><BR />I recommend testing this out. Prior to doing so ensure that routing is in place for your WLC/user endpoint to reach whatever nic you are using on ISE for your portal.<BR /><BR />HTH!<BR /> Thu, 28 Feb 2019 13:41:52 GMT https://community.cisco.com/t5/network-access-control/cwa-redirection-not-working/m-p/3811742#M484717 Mike.Cifelli 2019-02-28T13:41:52Z