cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

74
Views
0
Helpful
3
Replies
Beginner

Self registration Guest portal

Hello,

I have 2 ISE nodes Version 2.4, Running in Primary Admin and secondary Admin and PSN on both setup.

I am running Radius, TACACS+ and Guest services.

My Radius and Tacacs are working fine.

2 Issues I am facing in my guest setup

1.In Guest access self registration after  connecting on Guest SSID redirect URL is  giving error (400 bad request) on Guest client machine .

2. When I am doing Portal test URL traffic is redirecting to secondary server.

3 REPLIES 3
Cisco Employee

Re: Self registration Guest portal

Hi Mateen,


1. Are you getting a 302 redirect in response to initial GET request on client machine or you do get a 302 redirect with redirect URL but when the browser tries accessing that, it shows the error 400 bad request ?

 

2. ISE will decide which node to be presented for portal unless you statically define which node's IP to be used for guest services

 

Screenshot 2019-09-19 at 9.41.02 AM.png

 

 

Regards,
Dinesh Moudgil

P.S. Please rate helpful posts.

Beginner

Re: Self registration Guest portal

Hi mate,

 

What's the status that you see for the connection on the WLC.

Does it says WEBAUTH_REQD?

Do you see the redirect URL on that session on the WLC?

Can you share the live logs showing on ISE?

 

Regarding the other PSN handling the guest traffic, it is possible that:

 1. If you have configured on WLC primary and secondary AAA server, there was a recent disconnection to the primary which has triggered the traffic to failover the secondary. And RADIUS fallback option is not enabled.

 

 2. Could be an issue on the Authorization profile pointing to a 2nd FQDN.

 

 3. Could also be natting or firewall issues on the path basing from that error.

 

But again, it would be clearer if you can send the detailed logs on both ISE and WLC.

 

 

Cheers,

 

Raffy

Cisco Employee

Re: Self registration Guest portal

Check out the prescriptive guest guide under http://cs.co/ise-guest

The portal test URL will bring up the PSN with the lowest IP I believe. Is there a problem with that? You cant choose which PSN to look at.