cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

514
Views
10
Helpful
5
Replies
Highlighted
Beginner

Cisco ISE - Guest portal does not connect on some of the access points

Hi all,

 

We're having this issue that users cannot complete guest portal registration on some access points. Doesn't happen on all access points.  When attempting to connect to the Guest network , the sign-in page is presented after connecting > After entering required details and hitting connect, the page appears to go in to a loading loop and eventually prompts with a connection error. They remain disconnected but if they turn WiFi off and on and connect to guest WiFi again they get connected.

 

Any idea what the issue is and where to look to troubleshoot?

** Please rate this post or accept the solution if it helped! :) **
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted


Is CoA tick box enabled on the WLAN's settings? Where is this setting? On WLC?

coa.png

 

Have you made any correlation between the APs where this problem is not happening, vs where it is happening? I assume this is a controller based AP deployment, and all APs are on the same controller? 

Yeah same controller and all APs were working fine until this issue started. and no difference between APs configuration. All other SSIDs are working fine too it's just guest portal. If I bypass guest portal, guest WiFi actually works fine on those problematic APs


Are you running APs in Local mode or FlexConnect? If FlexConnect then there could be some variation in how the individual APs are configured (Flex Groups, FlexACL, VLAN assignments etc).

 

In Local Mode there should be no difference between APs as long as the APs are in the appropriate AP Group which contains that WLAN config. For Flex APs check whether the APs are all in the appropriate AP Group too. When APs are not in the correct AP Group (or if the AP Groups have differing NAS-ID values that ISE might rely on) then there could be chaos.

View solution in original post

5 REPLIES 5
Highlighted
VIP Advisor

Do you have more than one ISE server configured in your WLAN RADIUS Server list?

If so, do you ensure that the URL redirection is sent with the correct URL that corresponds to the PSN which processed the MAB Authentication? Do you use the PSN's native FQDN (i.e. the FQDN as seen on the PSN's CLI) or using static FQDN override in the ISE Authorization Profile?

Is CoA tick box enabled on the WLAN's settings?

Have you made any correlation between the APs where this problem is not happening, vs where it is happening? I assume this is a controller based AP deployment, and all APs are on the same controller?

 

Highlighted

Thanks Arne for your reply

 

Do you have more than one ISE server configured in your WLAN RADIUS Server list? Just one

 

Is CoA tick box enabled on the WLAN's settings? Where is this setting? On WLC?

 

Have you made any correlation between the APs where this problem is not happening, vs where it is happening? I assume this is a controller based AP deployment, and all APs are on the same controller? 

Yeah same controller and all APs were working fine until this issue started. and no difference between APs configuration. All other SSIDs are working fine too it's just guest portal. If I bypass guest portal, guest WiFi actually works fine on those problematic APs

** Please rate this post or accept the solution if it helped! :) **
Highlighted

I noticed when the issue is happening and post registraion is in a loop state , if I move towards a working AP it starts to connect fine. But if I stay within the problematic AP, it never connects and statys in the loop until a connection error. It connects fine if I turn WiFi off and on again and connect to guest WiFi 

** Please rate this post or accept the solution if it helped! :) **
Highlighted


Is CoA tick box enabled on the WLAN's settings? Where is this setting? On WLC?

coa.png

 

Have you made any correlation between the APs where this problem is not happening, vs where it is happening? I assume this is a controller based AP deployment, and all APs are on the same controller? 

Yeah same controller and all APs were working fine until this issue started. and no difference between APs configuration. All other SSIDs are working fine too it's just guest portal. If I bypass guest portal, guest WiFi actually works fine on those problematic APs


Are you running APs in Local mode or FlexConnect? If FlexConnect then there could be some variation in how the individual APs are configured (Flex Groups, FlexACL, VLAN assignments etc).

 

In Local Mode there should be no difference between APs as long as the APs are in the appropriate AP Group which contains that WLAN config. For Flex APs check whether the APs are all in the appropriate AP Group too. When APs are not in the correct AP Group (or if the AP Groups have differing NAS-ID values that ISE might rely on) then there could be chaos.

View solution in original post

Highlighted

Interestingly the AP was in local mode, changing it to Flexconnect fixed the issue straightaway! Thanks for the help

 

** Please rate this post or accept the solution if it helped! :) **