ISE 1.3 CWA redirect and CoA issue

Andre Neethling · ‎05-13-2015

Hi All. I am experiencing an issue with CWA redirection not working. But when I enter the address of the Guest portal, I can successfully authenticate. However, no CoA is happening to activate the post auth Authorization Policy. I have attached some config screenshots for review. Any assistance will be appreciated.

EDIT: WLC code-7.4.121.0 and ISE code-1.3.0.876

Venkatesh Attuluri · ‎05-18-2015

can you attach screenshot of OPERATIONS -> AUTHENTICATION -> DETAIL and ACL on WLC and is URL redirection portion of the ACL have been applied to the session ?

Andre Neethling · ‎05-19-2015

HI. Thanks for your response. I have posted the Operations--->authentication. It is the authlog.jpg above. See attached the ACL and the Authentications detail. I have also added the Screen shot after portal authentication success. There is no CoA. Any help will be appreciated.

Regards

Andre

Seb Rupik · ‎05-19-2015

Hi Andre,

On your WLC(s) under: Security -> AAA -> RADIUS -> Authentication

For each of your ISE PSN's do you have 'Support for RFC 3576' set to 'Enabled'?

I had this same problem this morning.

cheers,

Seb.

Andre Neethling · ‎05-19-2015

Hi Seb. Thanks for your reply. I have support for RFC3576 enabled on both PSN.

Andre Neethling · ‎07-21-2015

Good day All. Thanks for your responses. I managed to eventually resolve the problem. The applied "Airspace ACLs" were not allowing the return DNS traffic. Once I corrected this. All is working. CoA, CWA redirect, Authorization policies are applying correctly.

Thanks again.