01-14-2013 02:42 PM - edited 03-10-2019 07:58 PM
I have a couple of issues with this solution:
a) Each time a user logs in, the untrusted certificate message appears twice. The first one with the WLC IP address, the second one with the ISE IP address. Is this a bug or some kind of mistake configuration?
b) In the Guest Accounting report every guest session is reported twice. One with the correct log in and log out times, the second indicates the user is still on network even after several days he/she had been disconnected.
I think the second issue is in some way related with the first one.
Thanks in advance
Daniel Escalante
01-14-2013 06:41 PM
Hi,
What device are you experiencing the certificate related errors? What version of ISE and WLC are presently running? Also can you post a screenshot of the logs that you are referring to and were you able to verify that the client's entry isnt active in the WLC client page?
Thanks,
Tarik Admani
*Please rate helpful posts*
01-15-2013 11:19 AM
The certificate message appears on Windows PCs and IPads which are the devices mainly used by the customer.
ISE is running version 1.1.2.145, WLC's are running 7.0.235
01-15-2013 06:00 PM
I am trying to figure out the protocol sequence:
1) The PC client gets IP address from the DHCP (anchor WLC in this case)
2) When the browser is open and a HTML request is send, the WLC intercepts it and redirect to ISE
3) Before the Guest Authentication Portal is displayed in the browser PC, an untrusted certicate message coming from the ISE should be displayed.
4) Once the untrusted certificate message is accepted (continue), the guest authentication portal is displayed
5) The user type in its credentials
6) the Successful Login message is received with the WLC IP address
7) the user is able to browse the internet
The problem appears in steps 3 and 4. The untrusted certificate message is first showed with the WLC Virtual IP address and then with the ISE IP address.
I think the message with the WLC address should not be sent, only the ISE message.
In Step 6 the successful login message should indicate the ISE IP address, no the WLC IP Virtual address.
I will appreciate your assistance to clarify the event sequence and proper functionality
Thanks in advance.
Daniel Escalante.
01-15-2013 07:34 PM
We are having this problem, we must first accept the certificate of the ISE, and soon after of the WLC, because of that some browsers like google does not work properly.
Another problem is that we look to send the user VLAN change is necessary to apply the visitor posture ie it is mandatory to have the advanced license.
Currently we need a single SSID and according to this guest user will receive an ip of your vlan.
05-22-2013 03:41 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide