Showing results for 
Search instead for 
Did you mean: 

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

N3t W0rK3r

ISE 2.1 Hotspot Guest Portal Redirect Problem - 500 Internal Error

We are trying to set up a hotspot guest portal in our ISE 2.1 installation ( patch level 2).

The WLC config and ISE config is in place as best as I can tell but when users connect to our hotspot, they are being redirected to the portal, but a 500 Internal Error page is displayed instead of the AUP page.

I originally used port 8443 for this but changed it to 8449 with no change.

I have tried Android phones, iPhones and a MacBook and all are presented with the same error.

Oddly enough, if the client tries to reconnect after getting the 500 error, they do connect successfully without ever seeing the AUP.


Thanks in advance for any suggestions you may have.



Rahul Govindan

Is this is a distributed set up or a standalone? I have seen instances with the same error when I redirect to node that is not a PSN. Also, are the users being redirected via FDN or ip address?



Thanks for your reply.

Ours is a 4-node distributed deployment, with 2 PANs and 2 PSNs.  The portal is setup on both PSNs only.  Currently pointing to a public FQDN that is resolvable.

Because we are using a public FQDN we can only point to one PSN at a time.  So, we tried both PSNs and found different behaviour with each.  On PSN1, the user would get the AUP but would not get connected after clicking Accept, until they forgot the network and reconnected.  On PSN2, users do not get the AUP, but get the 500 internal error instead, and do not get connected at all.  Clearly there is some kind of difference between the configs on the two PSNs but I have no clue as to how to fix this.



How is the WLC setup? Do you have an Anchor-Foreign setup for guest access? One issue could be if Radius accounting is setup on multiple controllers due to the bug:

I do not know exactly how the WLC is setup as I didn't do that part of the config.  What do you mean by an "Anchor-Foreign setup"?  How would I know if that's what we have?  I will consult with our WLC admin to review this.


Thank you.



In Wireless Guest setups, you could have an "anchor" controller sitting on the dmz and foreign controllers across the campus. Foreign controllers talk to the clients directly and send all the traffic via tunnel to the anchor controller and then to the internet, separating Guest from other traffic. You should see some setting on the Foreign Controller under the menu:
Controller -> Mobility Management -> Mobility groups

Example given here:

Thanks for the explanation.  From what I can tell, we have no anchor point configured on our WLC HA.

I have been able to open a TAC case and we are working thru it.  Looks like I may have to reimage the bad PSN node as it would not take Patch 6, and i've had other problems with it as well.


Thanks again.

Recognize Your Peers
Content for Community-Ad

ISE Webinars

Miss a previous ISE webinar?
Never miss one again!

CiscoISE on YouTube