Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
212
Views
1
Helpful
2
Replies

CISCO ISE issue on Guest wifi

Weezy-F
Level 1
Level 1

‎01-25-2024 06:03 PM

Hi All,

I need your help. We've been dealing on this issue for a couple of months. So the issue is when users connects on our Guest Wifi once they are on office they getting a message no internet. So to fix this they need to turn off/on the wifi then they will be able to connect. 

 

I did check one of the IPs on Cisco ISE monitoring and I didn't see any issues at all. Also this happens only on a client provided laptop and not company owned laptop. When our company owned laptop connects on guest it doesn't have any issues at all, its just the client provided laptop and why is that happening?

 

Any suggestion would be greatly appreaciated.

Labels:
0 Helpful
2 Replies 2

ahollifield
VIP
VIP

‎01-26-2024 04:01 AM

https://community.cisco.com/t5/security-documents/how-to-ask-the-community-for-help/ta-p/3704356

I assume CWA is being used here for the guest laptops?  Sounds to me like CoA is not working correctly.  What is the NAD?  Is CoA properly configured?

0 Helpful

pieterh
VIP
VIP

‎01-26-2024 06:17 AM - edited ‎01-26-2024 06:19 AM

the "no internet" message is a Microsoft thing, 
When a MS-client connect to a network, MS-Windows performs a reachability check to "connectivitycheck.microsoft.com"
if this check gets no timely response, it reports the status "no internet"
this is not necessarily your wireless network, it can also happen on your wired network

when the check has failed MS starts a back-off timer before this is tried a second time,
so it may be you can ping an internet host, but keep seeing the "no internet" warning

NB! it CAN mean your DHCP response or your authentication is too slow, 
and some Microsoft process performs this check even BEFORE your network is fully active
and as @ahollifield says CoA may not work correctly
so you still need to investigate deeper

you can try to collect and analyze a wlanreport 
open a command promt (as admin) and give the command "netsh wlan show wlanreport"
this will create a HTML file to analyze further,
details are better handled in a MS-windows forum than here in the Cisco Communities

Customers Also Viewed These Support Documents