12-13-2016 01:38 AM - edited 03-11-2019 12:17 AM
Hello All,
I have configured a Guest SSID users for Cisco 5520 WLC to be redirected to ISE 2.0 Guest portal.
The redirection phase done successfully but when the Guest try to re authenticate via the Guest portal the authorization fails with log no 11213 "No response received from Network Access Device after sending a Dynamic Authorization request".
Note, That my authorization policy checks that the user is in the Guest users groups and that he is using the right guest SSID ID and that the flow is a guest flow. (A snap shoots for the authorization rule and ISE log is attached)
Any advice what should i check for?
Thanks in advance :)
Solved! Go to Solution.
01-07-2017 02:33 PM
Is CoA enabled on WLC (RADIUS server page)?
12-13-2016 02:29 PM
Is ISE and WLC on different subnet. I believe guest portal flow should work as expected even you are getting this error.
We do have a bug CSCux37498 CoA with wlc 8.1.131.0 shows error message on ISE server
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCux37498/?reffering_site=dumpcr
Fixed in 8.3 code of WLC.
Regards
Gagan
ps : rate as correct if it helps!!!!
01-07-2017 05:44 AM
I upgraded the WLC image but the problem still exist.
01-07-2017 02:33 PM
Is CoA enabled on WLC (RADIUS server page)?
01-09-2017 12:22 AM
No it wasn't enabled. I enabled it and it worked.
Thanks for your support.
01-15-2018 10:06 PM
Hi
in order to get User to authenticate you must've to think mechanism how WLC redirects and allow user over wifi and over internet.
you must have to configure Access list under Security tab Access list control. for more assistance share your network design via email/PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: