ISE and on-boarding issue

barryfowles · ‎06-17-2013

Hi,

I have set up ISE 1.14 to do BYOD with Flexconnect APs. The clients are connecting to a guest SSID and are receiving the flexconnect acl and the redirect url for the guest portal but are not being redirected at all. I can browse from the client to both the PSN ISE's admin GUI and the Sponsor portal but cannot manually browse to the guest portal, I just get an error message telling me that the guestportal resource is unavailable. I am hoping that someone will have some ideas.

Thanks

Marcin Latosiewicz · ‎06-17-2013

Barry,

There's a big checklist to do.

Have a look at:

http://www.cisco.com/en/US/products/ps11640/products_configuration_example09186a0080c090eb.shtml

- One of the things people forget typically is:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCue68065

(a few dependencies will exist depending whether you're using local switching or not).

- Another is assinging the ACL locally on AP in case of local switching.

M.

Edited for calrity.

barryfowles · ‎06-17-2013

Hi Marcin,

This is a better document than the one I was using as this one covers the flexconnect bugs. I will try it tomorrow.

Thanks very much for your help and I'll let you know how I get on.

Barry

Ravi Singh · ‎06-17-2013

Verify that the redirection URL specified in Cisco ISE via Cisco-av pair "URL Redirect" is correct per the following options:

•CWA Redirection URL: https://ip:8443/guestportal/gateway?sessionId=SessionIdValue&action=cwa

•802.1X Redirection URL: url-redirect=https://ip:8443/guestportal/gateway?sessionId=SessionIdValue&action=cpp

barryfowles · ‎06-18-2013

The WLC is running 7.3.112.0 code which I believe has a few Flexconnect bugs. I rebooted the controller and now the redirection works and I get the guestportal splash page - so thanks all. However, I believe that this is an intermittent problem in 7.3 and may well come back and I will need to reboot the WLC again unless I upgrade to 7.4 code.