12-30-2015 05:10 AM - edited 03-10-2019 11:21 PM
Currently we have a POC Anchor-Foreign scenario for DMZ wireless guest access using a portal. Once we connect to the SSID, we can see that the foreign WLC quickly shows the client in the RUN state and the anchor WLC shows CENTRAL_WEB_AUTH. But URL redirection to the client still does not happen. When we copy and paste the URL from the logs into the client browser, it loads correctly. I have attached the redirection ACLs for both WLCs and client debugs from both sides.
We are using a 5760 as the foreign WLC and a 5508 WLC with ISE 1.3 patch 5.
Any help is highly appreciated.
12-30-2015 09:57 PM
The ACL entry can be blank on the foreign controller since the ACL that is enforced is on the anchor. You have to make sure that the redirect ACLs that are configured on both controllers are identical, as they are case sensitive.
12-30-2015 10:19 PM
Many thanks Tarik.
Here we are using identical ACLs on both controllers and the names are also the same. Do we need to allow DHCP as well? I have configured the ACL based on the document below.
http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html
12-31-2015 08:27 AM
No, you shouldn't have to, because the CWA detection on the controller should allow DHCP and DNS traffic through. In the ACL that I have, I only redirect the webauth port and the IP of ISE, and that's all. What version of code are you running on your setup?
12-31-2015 01:52 PM
Thanks Tarik,
Anchor WLC is CT5508 - 7.6.130.0
Foreign WLC is 5760 - 15.2
Would you please check the attached ACLs and, if possible, share your working ACLs?