01-05-2016 12:02 AM - edited 03-10-2019 11:22 PM
I HAVE CONFIGURES THE ISE AUTHORIZATION FOR GUEST "CWA".
WHEN THE GUEST TRY TO ACESS THE NETWORK ISE SENDS THE URL TO MY SWITCH 2960-S.
I CAN SEE THE LINK BY ISSUING THE COMMAND
SHOW AUTHENTICATION SEESION INTERFACE GI 1/0/14
BUT THE CLIENT BROWSER CANT GET THE LINK.........
01-05-2016 08:16 AM
Check you ACL_REDIRECT in Switch. Verify the DNS (FQDN) in guest portal.
01-05-2016 11:21 PM
01-06-2016 01:55 AM
Can you post the ACL-WEBAUTH-REDIRECT ?
Try too, enable the IP Renewal in guest portal is optional.
Enable the IP Renewal (Optional)
If you assign a VLAN, the final step is for the client PC to renew its IP address. This step is achieved by the guest portal for Windows clients. If you did not set a VLAN for the 2nd AUTH rule earlier, you can skip this step.
If you assigned a VLAN, complete these steps in order to enable IP renewal:
01-06-2016 05:14 AM
ip access-list extended ACL-WEBAUTH-REDIRECT
permit tcp any any eq www
permit tcp any any eq 443
deny ip any any
After CoA i copy the link of web auth from the switch and past it into the client browser, it will open the web page for guest, after entering the credentials it work fine.
01-09-2016 11:11 AM
try this:
ip access-list extended redirect
deny ip any host <ISE ip address>
permit TCP any any eq www
permit TCP any any eq 443
01-06-2016 06:08 AM
Do you have the "ip http server" command enabled on the switch?
Is the client browsing to an http (not https) site?
01-06-2016 06:18 AM
yes both "ip http server" &" ip http secure-server" is configured
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide