cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
180
Views
0
Helpful
4
Replies

configuring ise

kennedymacharia
Beginner
Beginner

hi guys,

I am deploying ise 1.2.1.198 with wlc 5508 for guest web authentication but  redirection is not occuring and also clients are not getting dhcp.

I have not configured any switch for this deployment. (do I have to? )

 

 

4 Replies 4

Saurav Lodh
Rising star
Rising star

can you share the authorization profile and policies? Take the configuration help from below

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html

Venkatesh Attuluri
Cisco Employee
Cisco Employee

check ACL on WLC "ACL-WEBAUTH_REDIRECT" configured for redirection

Charlie Moreton
Cisco Employee
Cisco Employee

Yes, you have to.

Ensure that you configure the switchport connected to the WLC as a trunk:

interface GigabitEthernet0/23
 description wlc
 switchport trunk encapsulation dot1q
 switchport mode trunk

Also ensure that the VLANs used have the ip helper address pointing to the DHCP Server:

interface Vlan50
 description GUEST
 ip address 10.1.50.1 255.255.255.0
 ip helper-address 10.1.100.10

 

Whichever ACLs you reference on your ISE must exist on your WLC:

These are the first steps to proper redirection.

Be sure to check the Admin Guide for further guidance:

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_0100001.html

 

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

 

I have managed to set up cisco ise  and redirection  is working fine  but my problem is to separate  guest traffic from the corporate traffic. Here is a brief scenario of what I have running

  • Layer three switch has only fiber ports.
  • All the switches connect to the core switch(L3) and access points are distributed to all the switches that are in various parts of the building
  • WLC connects to the  core switch
  • Everything  is in the default vlan 1
  • The internal wlan is been authenticated by active directory in the DHCP server which is also providing dhcp services (this is before ise was introduced)
  • The ise server is the radius server

This is what I have been trying to do

  • I have configured another vlan (20) for guest wlan and configured  a sub –interface on the router for it.
  • I have configured the router as the dhcp server for vlan 20 tested it and it is working fine
  • When I put guest wlan in the guest vlan on the controller, redirection seizes to occur even if I put the ise server in this vlan

Here are my questions

  • Can I restrict guests from accessing my corporate network via an access-list?
  • Do I need to change the native vlan
  • Or what can I do to make this scenario work in such a way that the internal wlan is authenticated by the AD and the guest vlan is authenticated by ISE and restrict guests from accessing internal network

I have attached a picture of how my topology looks like.

                                                                           Thanks

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers