Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
767
Views
0
Helpful
2
Replies

CWA Portal in Distributed Deployment

Go to solution
nikhilcherian
Level 5
Level 5

‎11-18-2017 07:08 AM - edited ‎02-21-2020 10:39 AM

I am facing a similar issue described in the below discussion, I couldn't find any answers to the question, hence posting again 

 

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-2-1-0-474-issue-selecting-certificate-group-tag/td-p/3003059

 

My issue is below

 

  1. I have two sites, Site A & site B. Each site have a pair of PSN nodes. PAN nodes  & DNS for  both sites reside in SiteA
  2. Is there any way I can re-direct the CWA requests from SiteA to siteA PSN & CWA requests from siteB to PSN in siteB

Thanks

Nikhil

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
jan.nielsen
Level 7
Level 7

‎11-19-2017 03:53 AM

Which PSN node is selected to be used for CWA is determined by which PSN that received the MAB request from the WLC/Switch. So in order to change that, you will need to have your WLC ask your PSN on siteA when the requests comes from an AP at siteA and the same for SiteB. I'm no wireless exper, but i think you could probably do two different wireless profiles in the WLC with same SSID, and then use AP Groups to deploy the different profiles to sitea and siteb, in the profile for site a, you then use the PSNs at site a, and the psn at site b in the profile for site b. You can manually decide which PSN to use after MAB has happened, as the sessionid that your redirect url refers to, is only located on the PSN that did the initial MAB authemtication. Jan

View solution in original post

0 Helpful
2 Replies 2

Go to solution
jan.nielsen
Level 7
Level 7

‎11-19-2017 03:53 AM

Which PSN node is selected to be used for CWA is determined by which PSN that received the MAB request from the WLC/Switch. So in order to change that, you will need to have your WLC ask your PSN on siteA when the requests comes from an AP at siteA and the same for SiteB. I'm no wireless exper, but i think you could probably do two different wireless profiles in the WLC with same SSID, and then use AP Groups to deploy the different profiles to sitea and siteb, in the profile for site a, you then use the PSNs at site a, and the psn at site b in the profile for site b. You can manually decide which PSN to use after MAB has happened, as the sessionid that your redirect url refers to, is only located on the PSN that did the initial MAB authemtication. Jan
0 Helpful

Go to solution
nikhilcherian
Level 5
Level 5
In response to jan.nielsen

‎11-19-2017 04:20 AM

Hi Jan, 

 

Thanks for the reply, I have two separate WLC in the sites &  I have tested this & it works. 

 

Thanks again 

 

Nikhil

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents