Ciclic External Web Authentication Login Page with Cisco ISE

aparada14 · ‎03-04-2014

Hi, I have a problem trying to make external web authentication with an ISE server. I am using the following devices and scenary. Foreign-Anchor WLC Scenary: 1 WLC 5500 as a Foreign 1 WLC 5500 as an Anchor 1 Asa 5505 1 Internet Cisco Router 1 ISE as a Ext Web Auth 1 Core Switch 4500 Anchor WLC is also configured as a DHCP server to give Ip address for wireless guests. I have configured EoIp successfully between both WLCs and all permissions are given in the firewall, wireless guest can received ip address from Anchor WLC and load the web login page from ISE server successfully. I also have created the guest user credentials in the sponsor portal from ISE. When I am trying to get access via a wireless laptop pc I am receiving the web page correctly and entering the credentials I can see I have been authenticated on the ISE server but when I want to navigate on internet I am asked again for entering credentials again and again. What do I have to configure to avoid this and get access to internet once authenticated? Thanks in advance.

Mohammed Abdus Subhan · ‎03-09-2014

Did you configure in WLC External Web Authentication link.

Configure the WLC for External Web Authentication

The next step is to configure the WLC for the external web authentication. Complete these steps:

From the controller GUI, choose Security > Web Auth > Web Login Page in order to access the Web Login Page.
From the Web Authentication Type drop-down box, choose External (Redirect to external server).
In the External Web server section, add the new external web server.
In the Redirect URL after login field, enter the URL of the page to which the end user will be redirected to upon successful authentication. In the External Web Auth URL field, enter the URL where the login page is stored on the external web server.

aparada14 · ‎03-10-2014

Hi, I did all the steps you mentioned. I am receiving the login page from the external server and I enter username and password and receive again the login page from external server. I can see a succesful first authentication in logs from ise.

Mohammed Abdus Subhan · ‎03-11-2014

The problem with Authentication policy, check the Authentication policy again. what is the default rule in Authentication.

Nilo Noguera · ‎09-09-2014

Hi,

You can reach out to our Cisco Technical Assistance Center (TAC) for help with the issue you have reported. Please check if you have a Cisco contract such as SMARTnet or Cisco Software Application Support (SAS) Service is required to be able to be covered by TAC.

You can contact the Cisco Technical Assistance Center (TAC) in one of the following ways:

•Online: http://www.cisco.com/tac/

•E-mail: tac@cisco.com

•Phone: North America 800-553-2447 | Australia 1-800-805-227 | Europe 32-2-704-5555 | Asia-Pacific 61-2-8446-7411 | UK 0800-404-7778

Please see the following URL for other contact numbers:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

If you don't have a Cisco contract such as SMARTnet or Cisco Software Application Support (SAS) Service to be able to be covered by TAC, you can post your question to the Cisco Support Community website (https://supportforums.cisco.com/) and somebody will assist you with your questions.

I appreciate this opportunity to assist you and I do hope the information I sent you pointed you to the right direction.

Best regards,

"Nilz"

Nilo Noguera

.:|:.:|:. Specialist, Cisco Global Virtual Engineering - Cisco Partner Help

http://www.cisco.com/web/partners/tools/ph.html

"niLz" Nilo Noguera Jr. | Specialist, Virtual Engineering - Partner Helpline Organization together we are the human network