https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438730#M87341 <P>Hello Teymur,</P><P>The redirect ACL need to be configured on WLC. This ACL is referenced in the access−accept of the ISE and defines what traffic should be redirected (denied by the ACL) and what traffic should not be redirected (permitted by the ACL). Basically, DNS and traffic to/from the ISE needs to be permitted.</P><P>For further details go through this document:</P><P><U>http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html</U></P><P>&nbsp;</P><P>"Please rate helpful posts"</P> Thu, 13 Mar 2014 08:56:49 GMT Poonam Garg 2014-03-13T08:56:49Z https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438729#M87340 <P>Dears,</P><P>&nbsp;</P><P>I want to configurate guest portal(Central Web authentication) &nbsp;for wireless client on Cisco ISE. I confuse that:</P><P>Must i configure redirect ACL in switch? If yes which access-group or which interface i applied this redirect ACL?&nbsp;</P><P>I read that must be create redirect ACL in WLC.&nbsp;</P> Mon, 11 Mar 2019 04:31:42 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438729#M87340 teymur azimov 2019-03-11T04:31:42Z https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438730#M87341 <P>Hello Teymur,</P><P>The redirect ACL need to be configured on WLC. This ACL is referenced in the access−accept of the ISE and defines what traffic should be redirected (denied by the ACL) and what traffic should not be redirected (permitted by the ACL). Basically, DNS and traffic to/from the ISE needs to be permitted.</P><P>For further details go through this document:</P><P><U>http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html</U></P><P>&nbsp;</P><P>"Please rate helpful posts"</P> Thu, 13 Mar 2014 08:56:49 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438730#M87341 Poonam Garg 2014-03-13T08:56:49Z https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438731#M87342 <P>I also do my configuration form these guide. In this guide write that:</P><H4 style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">reate the Authorization Profile</H4><P style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">On the ISE, the authorization profile must be created. Then, the authentication and authorization policies are configured. The WLC should already be configured as a network device.</P><P style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;">In the authorization profile, enter the name of the ACL created earlier on the WLC.</P><OL style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12px; line-height: normal;"><LI>Click&nbsp;<STRONG>Policy</STRONG>, and then click&nbsp;<STRONG>Policy Elements</STRONG>.<BR />&nbsp;</LI><LI>Click&nbsp;<STRONG>Results</STRONG>.<BR />&nbsp;</LI><LI>Expand&nbsp;<STRONG>Authorization</STRONG>, and then click&nbsp;<STRONG>Authorization profile</STRONG>.<BR />&nbsp;</LI><LI>Click the&nbsp;<STRONG>Add</STRONG>&nbsp;button in order to create a new authorization profile for central webauth.<BR />&nbsp;</LI><LI>In the&nbsp;<STRONG>Name</STRONG>&nbsp;field, enter a name for the profile. This example uses&nbsp;<STRONG>WLC_CWA</STRONG><EM>.</EM><BR />&nbsp;</LI><LI>Choose&nbsp;<STRONG>ACCESS_ACCEPT</STRONG>&nbsp;from the Access Type drop-down list.<BR />&nbsp;</LI><LI>Check the&nbsp;<STRONG>Web Redirection</STRONG>&nbsp;check box, and choose&nbsp;<STRONG>Centralized Web Auth</STRONG>&nbsp;from the drop-down list.<BR />&nbsp;</LI><LI><SPAN style="font-size:11px;"><SPAN style="color:#FF0000;"><STRONG>In the ACL field, enter the name of the <U>ACL on the switch that defines the traffic to be redirected. </U>This examples usescwa_redirect.</STRONG></SPAN></SPAN></LI></OL><P>this confuse me.&nbsp;</P> Thu, 13 Mar 2014 09:01:58 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438731#M87342 teymur azimov 2014-03-13T09:01:58Z https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438732#M87343 <P>Hi,</P><P>check the below link for configuration example for Switch and WLC.</P><P>http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/113362-config-web-auth-ise-00.html</P><P>http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html</P> Wed, 03 Sep 2014 07:06:48 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438732#M87343 abwahid 2014-09-03T07:06:48Z https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438733#M87344 <P>the ACL which you are referring to<SPAN style="font-size:11px"><SPAN style="color:#FF0000"><STRONG> cwa_redirect</STRONG></SPAN></SPAN> should be configured on WLC not on switch if client type is wireless</P> Wed, 17 Sep 2014 13:20:29 GMT https://community.cisco.com/t5/network-access-control/cisco-ise-guest-portal/m-p/2438733#M87344 Venkatesh Attuluri 2014-09-17T13:20:29Z