cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1331
Views
0
Helpful
1
Replies

Aruba Controller with ISE CWA portal authentication Issue

xiangwa2
Cisco Employee
Cisco Employee

HI everyone , who had been test Aruba controller with ISE 2.2 guest portal authentication . we want know on iphone or android can be auto pop up portal ?  if you had been test it . pls give me some tips .

In our poc test , guest can not auto pop up portal on iphone and android. we must manual open broswer and enter any url and redirect to ISE guest sponsor portal. CNA is disable on Aruba controller .

Some know issue . pls help me , thks

Our Aruba configuration as below

10.96.105.124 is our ISE address

ip access-list session global-sacl

ip access-list session test-ise

  any host 10.99.206.208 any  permit

  any host 10.96.105.124 any  permit

ip access-list session apprf-test-ise-init-sacl

user-role test-ise-init

captive-portal "test-ise"

access-list session global-sacl

access-list session apprf-test-ise-init-sacl

access-list session test-ise

access-list session logon-control

access-list session captiveportal

aaa authentication-server radius "test-ise"

   host "10.96.105.124"

   key 6abc2531bf352bba35090e35aa3b7ee2

   nas-ip 10.100.235.2

aaa profile "test-ise"

   initial-role "test-ise-init"

   authentication-mac "xxx-internet-mac"

   mac-default-role "xxx-guest"

   mac-server-group "test-ise"

   radius-accounting "test-ise"

   radius-interim-accounting

   rfc-3576-server "10.96.105.124"

aaa server-group "test-ise"

auth-server ciscoise2

aaa profile "xxx-guest"

   initial-role "xxx-guest"

aa authentication captive-portal "test-ise"

   default-role "xxx-guest"

   server-group "test-ise"

   no logout-popup-window

   login-page "https://10.96.105.124:8443/portal/PortalSetup.action?portal=77678bd2-92da-11e7-9b88-024221a50387&action=cwa"

   no enable-welcome-page

ip access-list session xxx-guest

  any any svc-dhcp  permit

  user any svc-dns  permit

  user any svc-icmp  permit

  user   alias guest-server any  permit

  user   alias UAP any  permit

  any host 10.100.23.100 any  permit

  any host 10.100.23.101 any  permit

  user   alias xxx-internal any  deny

  user any any  permit

1 Reply 1

hslai
Cisco Employee
Cisco Employee