Showing results for 
Search instead for 
Did you mean: 

How to Configure WebAuth using Cisco ISE1.1

Level 1
Level 1

Can anyone please help me to confogure WebAuth as ISE as well as Switch end?



4 Replies 4

Cisco Employee
Cisco Employee

Hello Sachin-

Before any advise/help can be provided you will need to provide some additional information such as:

- A more detailed information on what exactly you are trying to accomplish and the environment that you have

- What typ eof WebAuth are you trying to use (CWA, LWA, etc)

- Are you trying to accomplish this for wired and/or wireless

- Any additional info that can help us understand your situation better

In the meantime you might want to read the End User Guide for ISE. More specifically the "Guest Services Functionality" section might be in the best interest for you:

Thank you for rating!

i am configuring central web auth for guest or for new devices which are not having certs on them(wired)

Sorry Sachin, I thought I replied to this post already but it appears that I missed it somehow. To configure CWA on wired you will need to alter both the authentication and the authorizatoin rules:


1. Ensure that you have a rule for Wired-MAB

2. Change the Options for that rule from "Reject/Reject/Drop" to "Reject/Continue/Drop"


1. Create a CWA-REDIRECT ACL on your switch:

Ip access-list extended CWA-REDIRECT

deny udp any any eq domain

deny ip any host

deny ip any host

permit ip any any

2. Create an Authorization profile called CWA with the following:

- Access-Type: ACCESS_ACCEPT

- Centralized Web Authentication ACL:   CWA-REDIRECT (The acl that you created on the switch)

3. Change the default authorization rule to the one you just created "CWA"

Thank you for rating!