07-16-2024 11:26 AM
Hi,
We have a two node deployment of ISE 3.3 in Azure. We have added a second NIC to the virtual machine to be our Guest interface.
When loading our Guest SSID the splash page is no longer loading. Below is what I have done so far.
Subnet of the interface in Azure has route table assigned.
GigabitEthernet 1 has been configured in ISE CLI
Default gateway in CLI is gateway of Gig 0.
Any pointers on what is missing?
Solved! Go to Solution.
07-16-2024 11:44 AM - edited 07-16-2024 11:45 AM
Who is managing your SSID? How this device is configured?
If your ISE have a default gateway pointing to Gig0 and your Guest networks comes from Gig1, How the ISE is replying the traffic to the Guest users? It would expect you to add routes on the ISE for the Guest networks, otherwise the traffic will be sent to the Gig0 interface.
07-16-2024 11:44 AM - edited 07-16-2024 11:45 AM
Who is managing your SSID? How this device is configured?
If your ISE have a default gateway pointing to Gig0 and your Guest networks comes from Gig1, How the ISE is replying the traffic to the Guest users? It would expect you to add routes on the ISE for the Guest networks, otherwise the traffic will be sent to the Gig0 interface.
07-16-2024 02:32 PM
We are managing our SSID through Meraki dashboard.
SSID is configured with walled garden which includes NIC IP & FQDN - this added through ip host in CLI & our internal DNS domain.
Under Guest SSID I have listed RADIUS server as Gig1 interface
ISE is responding with URL Redirect, I can also observe this packet on a pcap at the onsite MX. However Splash page never loads.
If I browse the redirect URL from a corporate PC it gives 400 bad request, so is reachable with routing for Gig1 in place.
07-17-2024 03:59 AM
@Flavio Miranda thanks. I looked further into your suggestion to solve my initial issue.
My default gateway is the DG of subnet attached to gig0
Added a default route pointing to DG of subnet attached to gig1 which works for splash page when loading on IP only.
Believe there is another issue on splash page using FQDN, going to try Meraki support first.
07-17-2024 11:32 AM
Seems like DNS problem.
07-17-2024 02:38 PM
I don't think it's DNS. Everything I've tested proves that to be working. I've detailed here since a different issue - https://community.cisco.com/t5/network-access-control/ise-hotspot-page-not-loading-on-guest-ssid/m-p/5146254#M590691
07-16-2024 01:00 PM
Dual NIC is supported with only two NICs—Gigabit Ethernet 0 and Gigabit Ethernet 1. To configure a secondary NIC in your Cisco ISE instance, you must first create a network interface object in Azure, power off your Cisco ISE instance, and then attach this network interface object to Cisco ISE. After you install and launch Cisco ISE on Azure, use the Cisco ISE CLI to manually configure the IP address of the network interface object as the secondary NIC.
07-16-2024 02:33 PM
@ahollifield thanks.
I have both NIC's attached. Issue appears with redirect now which is detailed above.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide