Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
372
Views
0
Helpful
1
Replies

Central Web Authentication on Cisco ISE

henockk
Level 1
Level 1

‎11-23-2023 04:33 AM

Hi All,

We have a Cisco ISE 3.1 VM, and we aim to enable guest centralized access using a self-sponsored site. In the Work Center Authorization Profile, there is a requirement for web redirection in both wired and wireless ACLs. Could you please guide me on creating an ACL that incorporates web redirection?

henockk_0-1700742591796.png

 

0 Helpful
1 Reply 1

Aref Alsouqi
VIP
VIP

‎11-23-2023 08:37 AM - edited ‎11-23-2023 08:41 AM

That is the redirect ACL that should be applied to the wired NADs as well as the WLC. Usually we deny (bypass) the traffic destined to ISE PSNs, specifically on port 8443/tcp (if it hasn't changed from its default), DNS, DHCP (I think it wouldn't be required though), and then we allow (redirect) web traffic on port 80. The name of the ACL in the authorization profile must match the name of the ACL created on the network devices. Take a look at this link please to get a better idea of how the ACL would look like:

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html#toc-hId-881505252

 

0 Helpful
Customers Also Viewed These Support Documents