topic I have managed to set up in Network Access Control

configuring ise

kennedymacharia — Mon, 11 Mar 2019 05:17:32 GMT

hi guys,

I am deploying ise 1.2.1.198 with wlc 5508 for guest web authentication but redirection is not occuring and also clients are not getting dhcp.

I have not configured any switch for this deployment. (do I have to? )

can you share the

Saurav Lodh — Fri, 19 Dec 2014 13:27:38 GMT

can you share the authorization profile and policies? Take the configuration help from below

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

check ACL on WLC "ACL-WEBAUTH

Venkatesh Attuluri — Mon, 22 Dec 2014 17:08:34 GMT

check ACL on WLC "ACL-WEBAUTH_REDIRECT" configured for redirection

Yes, you have to.Ensure that

Charlie Moreton — Mon, 22 Dec 2014 20:35:04 GMT

Yes, you have to.

Ensure that you configure the switchport connected to the WLC as a trunk:

interface GigabitEthernet0/23
description wlc
switchport trunk encapsulation dot1q
switchport mode trunk

Also ensure that the VLANs used have the ip helper address pointing to the DHCP Server:

interface Vlan50
description GUEST
ip address 10.1.50.1 255.255.255.0
ip helper-address 10.1.100.10

Whichever ACLs you reference on your ISE must exist on your WLC:

These are the first steps to proper redirection.

Be sure to check the Admin Guide for further guidance:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0100001.html

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.

Charles Moreton

I have managed to set up

kennedymacharia — Mon, 05 Jan 2015 07:07:12 GMT

I have managed to set up cisco ise and redirection is working fine but my problem is to separate guest traffic from the corporate traffic. Here is a brief scenario of what I have running

Layer three switch has only fiber ports.
All the switches connect to the core switch(L3) and access points are distributed to all the switches that are in various parts of the building
WLC connects to the core switch
Everything is in the default vlan 1
The internal wlan is been authenticated by active directory in the DHCP server which is also providing dhcp services (this is before ise was introduced)
The ise server is the radius server

This is what I have been trying to do

I have configured another vlan (20) for guest wlan and configured a sub –interface on the router for it.
I have configured the router as the dhcp server for vlan 20 tested it and it is working fine
When I put guest wlan in the guest vlan on the controller, redirection seizes to occur even if I put the ise server in this vlan

Here are my questions

Can I restrict guests from accessing my corporate network via an access-list?
Do I need to change the native vlan
Or what can I do to make this scenario work in such a way that the internal wlan is authenticated by the AD and the guest vlan is authenticated by ISE and restrict guests from accessing internal network

I have attached a picture of how my topology looks like.

Thanks