Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
358
Views
1
Helpful
13
Replies

Guest users connected on WIFI but no internet

Weezy-F
Level 1
Level 1

‎01-08-2025 10:18 PM

Our Guest users are able to connect on WIFI. I was able to verify it successfully authenticated on our CISCO ISE and WLC is working properly. 

 

Is there a way that I can Reset the policy counters on CISCO ISE via CLI? Please let me know

Labels:
0 Helpful
13 Replies 13

MHM Cisco World
VIP
VIP

‎01-08-2025 10:26 PM

Mostly issue with ACL' 

Can I see redirect ACL ?

Can I see ISE log live ?

MHM

0 Helpful

Weezy-F
Level 1
Level 1
In response to MHM Cisco World

‎01-09-2025 09:01 PM

Everyone thank you for your response.

 So, here's what we found out. Either a setting reverted on the portal or it’s just corrupt. the profiles just get corrupt if a process ends weird. So right now the SINGAPORE SITE is working properly now, however our Kuala Lumpur Site is not. So the main issue is whenever our Local IT tries to generate a PW on Sponsored Guest portal, when they login they have an error 400 bad request. It's been fix now. 

 

Singapore is working properly, but Kuala Lumpur is not. They can access the portal and they can provide password to the guest users however when the guest users connect on our WIFI it says No internet. Our settings on ISE are all correct ACL, AUTH profile, and eveything because the Singapore is working properly.  But the KL is not. I'm thinking our Cisco WLC have an issue? what you think?

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to Weezy-F

‎01-09-2025 09:42 PM

Try ping from wifi client to GW 

If sucess check NAT 

If not check GW IP in dhcp server 

MHM

0 Helpful

Weezy-F
Level 1
Level 1
In response to MHM Cisco World

‎01-09-2025 10:15 PM

GW is reachable, the NAT is there also, as well as the DHCP is working.

 

One thing I notice if we add the mac manually on ISE under group WIFI-MAB group the user will be able to access the internet. 

But prior adding their MAC on ISE, they can connect on WIFI but it says no internet.

MHM Cisco World
VIP
VIP
In response to Weezy-F

‎01-11-2025 02:19 AM

I send you PM 

MHM

0 Helpful

Weezy-F
Level 1
Level 1
In response to MHM Cisco World

‎01-12-2025 06:05 PM

Replied on you

0 Helpful

Weezy-F
Level 1
Level 1
In response to MHM Cisco World

‎01-12-2025 07:25 PM

I sent you a PM too. Thank you.

0 Helpful

Flavio Miranda
VIP
VIP

‎01-09-2025 09:16 AM

@Weezy-F 

You take a look on the command "application configure ise" but be careful with this command. 

If you can, run It in a lab First. 

0 Helpful

Weezy-F
Level 1
Level 1
In response to Flavio Miranda

‎01-09-2025 09:02 PM

 So, here's what we found out. Either a setting reverted on the portal or it’s just corrupt. the profiles just get corrupt if a process ends weird. So right now the SINGAPORE SITE is working properly now, however our Kuala Lumpur Site is not. So the main issue is whenever our Local IT tries to generate a PW on Sponsored Guest portal, when they login they have an error 400 bad request. It's been fix now. 

 

Singapore is working properly, but Kuala Lumpur is not. They can access the portal and they can provide password to the guest users however when the guest users connect on our WIFI it says No internet. Our settings on ISE are all correct ACL, AUTH profile, and eveything because the Singapore is working properly.  But the KL is not. I'm thinking our Cisco WLC have an issue? what you think?

 

0 Helpful

Flavio Miranda
VIP
VIP
In response to Weezy-F

‎01-10-2025 05:10 AM

@Weezy-F 

 Next step is check on the WLC. Can you enable a debug on the WLC , do the tests and share the logs here?

0 Helpful

Weezy-F
Level 1
Level 1
In response to Flavio Miranda

‎01-12-2025 06:06 PM

I did reboot the WLC just 5 mins ago, still waiting for the local IT update.

0 Helpful

iLoveBGP
Level 1
Level 1

‎01-10-2025 12:20 AM

 

If your guest users are successfully connecting to Wi-Fi and authentication through Cisco ISE is confirmed, but they lack internet access, the issue might lie in the policy enforcement or network path. Resetting policy counters on Cisco ISE could help diagnose or resolve such issues.

To reset policy counters via CLI, you can use the following command:

application stop ise application start ise

This restarts the ISE application, effectively resetting policy counters and clearing cached sessions. Before doing this, ensure that restarting ISE won't disrupt ongoing authentications or network functionality, especially if it’s in a production environment. Alternatively, if you’re troubleshooting session-specific issues, you can clear individual sessions through the GUI by navigating to Operations > Radius > Live Sessions and manually terminating or refreshing problematic sessions.

If the issue persists, verify network configurations, including VLAN mapping, firewall rules, and ACLs applied to guest traffic. There could be restrictions in the network path preventing internet access for guest users.

0 Helpful

Weezy-F
Level 1
Level 1
In response to iLoveBGP

‎01-12-2025 06:07 PM

ACL's and everything are set correctly as the SINGAPORE site works well, however on KL is not. Also I cleared the counters as well on CISCO ISE but didn't resolve the issue.

0 Helpful
Customers Also Viewed These Support Documents