Showing results for 
Search instead for 
Did you mean: 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.


Self registration Guest portal


I have 2 ISE nodes Version 2.4, Running in Primary Admin and secondary Admin and PSN on both setup.

I am running Radius, TACACS+ and Guest services.

My Radius and Tacacs are working fine.

2 Issues I am facing in my guest setup

1.In Guest access self registration after  connecting on Guest SSID redirect URL is  giving error (400 bad request) on Guest client machine .

2. When I am doing Portal test URL traffic is redirecting to secondary server.

Cisco Employee

Re: Self registration Guest portal

Hi Mateen,

1. Are you getting a 302 redirect in response to initial GET request on client machine or you do get a 302 redirect with redirect URL but when the browser tries accessing that, it shows the error 400 bad request ?


2. ISE will decide which node to be presented for portal unless you statically define which node's IP to be used for guest services


Screenshot 2019-09-19 at 9.41.02 AM.png



Dinesh Moudgil

P.S. Please rate helpful posts.


Re: Self registration Guest portal

Hi mate,


What's the status that you see for the connection on the WLC.

Does it says WEBAUTH_REQD?

Do you see the redirect URL on that session on the WLC?

Can you share the live logs showing on ISE?


Regarding the other PSN handling the guest traffic, it is possible that:

 1. If you have configured on WLC primary and secondary AAA server, there was a recent disconnection to the primary which has triggered the traffic to failover the secondary. And RADIUS fallback option is not enabled.


 2. Could be an issue on the Authorization profile pointing to a 2nd FQDN.


 3. Could also be natting or firewall issues on the path basing from that error.


But again, it would be clearer if you can send the detailed logs on both ISE and WLC.






Cisco Employee

Re: Self registration Guest portal

Check out the prescriptive guest guide under

The portal test URL will bring up the PSN with the lowest IP I believe. Is there a problem with that? You cant choose which PSN to look at.