07-29-2014 12:05 PM - edited 03-10-2019 09:54 PM
We are configuring guest access through wired network. We can sucessfully logon guest users, but it never gets the IP address assigned on guest vlan. Monitoring the switch we can see the COA assigning guest vlan to the user port. If I renew the ip address using manually, I receive the correct address.
Solved! Go to Solution.
07-29-2014 03:31 PM
Please go through the below information which might be helpful to you:-
If you assign a VLAN, the final step is for the client PC to renew its IP address. This step is achieved by the guest portal for Windows clients. If you did not set a VLAN for the 2nd AUTH rule earlier, you can skip this step.
If you assigned a VLAN, complete these steps in order to enable IP renewal:
and for more information on Vlan DHCP release:-
This affects the CWA user login flow when the network access during the final authorization switches the guest VLAN to a new VLAN. In this case, the old IP of the guest needs to be released before the VLAN change and a new guest IP needs to be requested through DHCP once the new VLAN access is in place. The Cisco ISE server redirects the guest browser to download an applet to perform the IP release renew operation.
The delay to release time should be low since it needs to occur immediately after the applet is downloaded and before the Cisco ISE server directs the NAD to re-authenticate with a CoA request. The default release value is 1 second.
The delay to CoA delays the Cisco ISE from executing the CoA. Here, enough time should be given to allow the applet to download and perform the IP release on the client. The default value is 8 seconds.
The delay to renew value is added to the IP release value and does not begin timing until the control is downloaded. The renew should be given enough time so that the CoA is allowed to process and the new VLAN access granted. The default value is 12 seconds.
07-29-2014 02:08 PM
What do you have configured for the "IP Address" change under the Web Portal Settings?
07-29-2014 03:31 PM
Please go through the below information which might be helpful to you:-
If you assign a VLAN, the final step is for the client PC to renew its IP address. This step is achieved by the guest portal for Windows clients. If you did not set a VLAN for the 2nd AUTH rule earlier, you can skip this step.
If you assigned a VLAN, complete these steps in order to enable IP renewal:
and for more information on Vlan DHCP release:-
This affects the CWA user login flow when the network access during the final authorization switches the guest VLAN to a new VLAN. In this case, the old IP of the guest needs to be released before the VLAN change and a new guest IP needs to be requested through DHCP once the new VLAN access is in place. The Cisco ISE server redirects the guest browser to download an applet to perform the IP release renew operation.
The delay to release time should be low since it needs to occur immediately after the applet is downloaded and before the Cisco ISE server directs the NAD to re-authenticate with a CoA request. The default release value is 1 second.
The delay to CoA delays the Cisco ISE from executing the CoA. Here, enough time should be given to allow the applet to download and perform the IP release on the client. The default value is 8 seconds.
The delay to renew value is added to the IP release value and does not begin timing until the control is downloaded. The renew should be given enough time so that the CoA is allowed to process and the new VLAN access granted. The default value is 12 seconds.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide