Beginner

Cisco ISE web redirect not working

Can anyone help with this? I have an open SSID doing MAC filtering to ISE with the following auth rules:

Capture.PNG

My device is hitting the correct rule for the unknown MAC but it is not redirecting me to the guest portal & is allowing me access in the associated VLAN assigned to the WebAuth policy.

Capture1.PNG, Capture2.PNG

 

3 ACCEPTED SOLUTIONS

Accepted Solutions
VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Ok. Check the ACL on the WLC and ensure the case is the same as defined on ISE and spelling.

Check this page and double check the configuration of the WLC configuration.

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Hi,

Glad to hear it's working now. I haven't used Guest for a long time, but does this link do what you want? This is to configure approval request email to a sponsor.

 

HTH

Beginner

Re: Cisco ISE web redirect not working

After applying the cert to the admin role & restarting ISE all portals on all browsers are now accepting the certificate. Seems strange that they didn't when we applied it to the portal role because that doesn't require a restart.

20 REPLIES 20
Beginner

Re: Cisco ISE web redirect not working

Just to add, I can browse to the redirect link from the device.

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Hi,
When you access the link from the device, is it via FQDN or IP address? Can the device resolve the DNS hostname of the ISE PSN?

Can you confirm the redirect ACL has been applied to the interface? What is the output of "show authentication session interface Gi x"?

What is the configuration of your ACL called ACL_WEBAUTH_REDIRECT?
Beginner

Re: Cisco ISE web redirect not working

Hi,

 

Accessing the link works using the FQDN & the client can resolve this.

What interface would the ACL be applied to, with this being a wireless connection?

Below shows the attributes of the Cisco_WebAuth profile, but where do I find the configuration of the ACL_WEBAUTH_REDIRECT?

Capture3.PNG

There is also a "!" with the following note:

Capture4.PNG

 

 

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Sorry, I misread the original post and assumed it was wired. Can you confirm the configuration of the ACL_WEBAUTH_REDIRECT ACL defined on the WLC? Can you check the WLC for the client session and confirm the redirect ACL is applied?
Beginner

Re: Cisco ISE web redirect not working

It doesn't look like it is applying the ACL. Do I need to create the ACL on the WLC as well?

 

Capture5.PNG

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Ok. Check the ACL on the WLC and ensure the case is the same as defined on ISE and spelling.

Check this page and double check the configuration of the WLC configuration.

Beginner

Re: Cisco ISE web redirect not working

Awesome thank you. It works. Wish I had this guide before.

 

I've another question now.

 

A guest theoretically could enter any details they like on the registration page to get access. Is there a way to verify them by email or any other methods? We sometimes have minors on site & they might need a different level of access or URL filtering, either way, for compliance we would have to be able to identify the users.

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Hi,

Glad to hear it's working now. I haven't used Guest for a long time, but does this link do what you want? This is to configure approval request email to a sponsor.

 

HTH

Beginner

Re: Cisco ISE web redirect not working

Only issue is the web page only seems to work with IE or edge. Is there support for other browsers & mobile devices?

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Do you get a certificate on the non-MS browsers? If you are using an Internal CA then the IE/Edge browsers would automatically trust those certificates and not present a certificate error. Firefox/Chrome and a mobile browser would not trust the Internal CA unless specifically configured to do so.

HTH
Beginner

Re: Cisco ISE web redirect not working

We have imported the full certificate chain that has been signed by a CA authority & bound the original cert request. It is being used by the default portal certificate group and we can confirm in the browser when redirected that it is using this certificate but it is still saying it is not trusted.

Cert error1.PNG, cert error.PNG

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

Does your client computer have the QuoVadis EV SSL ICA G3 certificate in its machine store?
Beginner

Re: Cisco ISE web redirect not working

No, it doesn't.

VIP Advocate RJI VIP Advocate
VIP Advocate

Re: Cisco ISE web redirect not working

That QuoVadis certificate needs to be imported to the computer trusted certificate store, otherwise the web browser will consider it untrusted and error.
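
The trust failure worked through in the last few posts (the portal certificate itself is fine, but the client cannot build a path to a trusted root because the issuing intermediate is missing) can be reproduced offline. The following is an added example, not part of the original thread: it builds a constructed root, intermediate and leaf with made-up names and shows that `openssl verify` accepts the leaf only when the intermediate is available.

```shell
#!/bin/sh
# Constructed three-tier PKI (root -> intermediate -> portal leaf). All names
# are made up for this example; nothing here touches a real ISE node or CA.

make_chain() {  # $1 = empty working directory
    d=$1
    # Minimal request config so the result does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nprompt=no\n[dn]\nCN=unused\n' > "$d/req.cnf"
    # Root and intermediate must be marked as CAs or path validation rejects them.
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    for n in root ica leaf; do
        openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" \
            -subj "/CN=constructed-$n" -keyout "$d/$n.key" -out "$d/$n.csr" \
            2>/dev/null || return 1
    done
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/ica.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/ica.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ica.pem" -CAkey "$d/ica.key" \
        -CAcreateserial -days 2 -out "$d/leaf.pem" 2>/dev/null
}

# Client trusts only the root and is given only the leaf: no path can be built.
verify_leaf_only() {
    openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Same client, but the intermediate is available (sent in the chain or imported).
verify_with_ica() {
    openssl verify -CAfile "$1/root.pem" -untrusted "$1/ica.pem" \
        "$1/leaf.pem" >/dev/null 2>&1
}

demo() {
    d=$(mktemp -d) && make_chain "$d" || return 1
    verify_leaf_only "$d" && echo "leaf only: trusted" || echo "leaf only: NOT trusted"
    verify_with_ica "$d" && echo "leaf + intermediate: trusted" \
                         || echo "leaf + intermediate: NOT trusted"
    rm -rf "$d"
}
demo
```

Against a live portal, `openssl s_client -connect <psn-fqdn>:<port> -showcerts` (host and port are placeholders) lists the certificates the server actually sends, which shows whether the intermediate is part of the presented chain.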