ISE 2.3 - CWA Redirect

Nayan.Patel85
Level 1

Hi,

 

We are deploying ISE 2.3.

We use CWA for multi-factor authentication for Wireless and Wired employees.

 

1st issue) When a user goes from a wired connection to a wireless connection, CWA redirection does not work as expected. I can see he is getting the correct authorization profile with the correct redirect URL and redirect ACL, and it launches the browser automatically, but he is never able to make it to the CWA portal.

User has to reboot the PC.

 

2nd) If the user's PC goes to sleep while he is connected to wireless and he then wakes up his PC, the redirect does not work at that time either.

 

We are using the same CWA portal for Wireless and Wired.

 

Thanks

 

Accepted Solutions

Jason Kunst
Cisco Employee
This seems like the PC might be confused by having multiple interfaces in redirect state? If both NICs are on at the same time and connected, then the OS might route differently depending on conditions. Have you tried controlling your NICs? For example, if there is a problem, disable the other NIC to make sure the OS is not routing funny?

Some customers on Windows have been forced to control their NICs with AnyConnect NAM (Network Access Manager), which won’t allow the wireless NIC to be up when connected on wired.

Why do they need wired and wireless running at the same time? What’s wrong with always wireless or always wired?

4 Replies

gbekmezi-DD
Level 5
Does the client browser not redirect, or is the redirect url not rendering?

Jason,

Thanks for your response.
We don’t need both wireless and wired active at the same time.
We are running into issues when a wired user disconnects from the wired connection and switches to wireless.
Then the user is not being redirected to the CWA portal.
I believe it has to do with machine authentication. The user was previously machine authenticated using the wired NIC, and now if he switches to wireless, machine authentication will not happen unless he reboots or logs out and logs back in.

OK, you’re mixing machine auth with CWA then? And dealing with supplicant issues now. Right, the machine won’t send machine auth if switching networks while the user is logged in, due to the Microsoft supplicant not supporting it. If you’re doing that, then why are you doing CWA on top of it? Why not do EAP chaining, perhaps with AnyConnect? Things are a lot smoother.