configuring ise
12-19-2014 02:12 AM - edited 03-10-2019 10:17 PM
Hi guys,
I am deploying ISE 1.2.1.198 with WLC 5508 for guest web authentication, but redirection is not occurring and also clients are not getting DHCP.
I have not configured any switch for this deployment. (Do I have to?)
Labels: AAA

12-19-2014 05:27 AM
Can you share the authorization profile and policies? Take configuration help from the link below:
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
12-22-2014 09:08 AM
Check the ACL "ACL-WEBAUTH_REDIRECT" configured on the WLC for redirection.
12-22-2014 12:35 PM
Yes, you have to.
Ensure that you configure the switchport connected to the WLC as a trunk:
interface GigabitEthernet0/23
 description wlc
 switchport trunk encapsulation dot1q
 switchport mode trunk
Also ensure that the VLANs used have the ip helper-address pointing to the DHCP server:
interface Vlan50
 description GUEST
 ip address 10.1.50.1 255.255.255.0
 ip helper-address 10.1.100.10
Whichever ACLs you reference on your ISE must exist on your WLC:
These are the first steps to proper redirection.
Be sure to check the Admin Guide for further guidance:
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
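
The two switch-side checks from the answer above (the WLC uplink is a trunk, the guest SVI has an ip helper-address), as an added example that is not part of the original post: a small Python audit over a saved running-config. The sample config is constructed, and the function names and the extra allowed-VLAN check are assumptions of this example.

```python
import re
# Constructed sample running-config, modelled on the snippets in the answer above.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/23
 switchport mode trunk
 switchport trunk allowed vlan 1,50
!
interface Vlan50
 ip address 10.1.50.1 255.255.255.0
 ip helper-address 10.1.100.10
!
interface Vlan60
 ip address 10.1.60.1 255.255.255.0
"""

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or any global command ends the block
    return blocks

def expand_vlans(spec):
    """Expand a list such as '1,50,60-62' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config, wlc_port, guest_vlan):
    """Findings for the WLC uplink and guest SVI (one plain 'allowed vlan' list assumed)."""
    ifs, findings = parse_interfaces(config), []
    port = ifs.get(wlc_port, [])
    if "switchport mode trunk" not in port:
        findings.append(f"{wlc_port}: not configured as a trunk")
    for cmd in port:
        m = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", cmd)
        if m and guest_vlan not in expand_vlans(m.group(1)):
            findings.append(f"{wlc_port}: VLAN {guest_vlan} not allowed on trunk")
    svi = ifs.get(f"Vlan{guest_vlan}", [])
    if not any(c.startswith("ip helper-address ") for c in svi):
        findings.append(f"Vlan{guest_vlan}: no ip helper-address")
    return findings
```

An empty list from `audit()` means both checks passed for that port and VLAN; it says nothing about the ACLs on the WLC, which still have to be verified there.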
01-04-2015 11:07 PM
I have managed to set up Cisco ISE and redirection is working fine, but my problem is to separate guest traffic from the corporate traffic. Here is a brief scenario of what I have running:
- The layer three switch has only fiber ports.
- All the switches connect to the core switch (L3), and access points are distributed to all the switches that are in various parts of the building.
- The WLC connects to the core switch.
- Everything is in the default VLAN 1.
- The internal WLAN is being authenticated by Active Directory in the DHCP server, which is also providing DHCP services (this is before ISE was introduced).
- The ISE server is the RADIUS server.
This is what I have been trying to do:
- I have configured another VLAN (20) for the guest WLAN and configured a sub-interface on the router for it.
- I have configured the router as the DHCP server for VLAN 20, tested it, and it is working fine.
- When I put the guest WLAN in the guest VLAN on the controller, redirection ceases to occur even if I put the ISE server in this VLAN.
Here are my questions:
- Can I restrict guests from accessing my corporate network via an access-list?
- Do I need to change the native VLAN?
- Or what can I do to make this scenario work in such a way that the internal WLAN is authenticated by the AD and the guest VLAN is authenticated by ISE, and restrict guests from accessing the internal network?
I have attached a picture of what my topology looks like.
Thanks
