cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

588
Views
0
Helpful
2
Replies
nikhilcherian
Contributor

CWA Portal in Distributed Deployment

I am facing a similar issue described in the below discussion, I couldn't find any answers to the question, hence posting again 

 

https://supportforums.cisco.com/t5/aaa-identity-and-nac/ise-2-1-0-474-issue-selecting-certificate-group-tag/td-p/3003059

 

My issue is below

 

  1. I have two sites, Site A & site B. Each site have a pair of PSN nodes. PAN nodes  & DNS for  both sites reside in SiteA
  2. Is there any way I can re-direct the CWA requests from SiteA to siteA PSN & CWA requests from siteB to PSN in siteB

Thanks

Nikhil

1 ACCEPTED SOLUTION

Accepted Solutions
jan.nielsen
Rising star

Which PSN node is selected to be used for CWA is determined by which PSN that received the MAB request from the WLC/Switch. So in order to change that, you will need to have your WLC ask your PSN on siteA when the requests comes from an AP at siteA and the same for SiteB. I'm no wireless exper, but i think you could probably do two different wireless profiles in the WLC with same SSID, and then use AP Groups to deploy the different profiles to sitea and siteb, in the profile for site a, you then use the PSNs at site a, and the psn at site b in the profile for site b. You can manually decide which PSN to use after MAB has happened, as the sessionid that your redirect url refers to, is only located on the PSN that did the initial MAB authemtication. Jan

View solution in original post

2 REPLIES 2
jan.nielsen
Rising star

Which PSN node is selected to be used for CWA is determined by which PSN that received the MAB request from the WLC/Switch. So in order to change that, you will need to have your WLC ask your PSN on siteA when the requests comes from an AP at siteA and the same for SiteB. I'm no wireless exper, but i think you could probably do two different wireless profiles in the WLC with same SSID, and then use AP Groups to deploy the different profiles to sitea and siteb, in the profile for site a, you then use the PSNs at site a, and the psn at site b in the profile for site b. You can manually decide which PSN to use after MAB has happened, as the sessionid that your redirect url refers to, is only located on the PSN that did the initial MAB authemtication. Jan

View solution in original post

Hi Jan, 

 

Thanks for the reply, I have two separate WLC in the sites &  I have tested this & it works. 

 

Thanks again 

 

Nikhil

Content for Community-Ad