05-27-2022 03:20 AM
Hi,
Have set up a CWA Portal for a guest ssid. The client will only redirect to the Portal on the ISE server if I put the IP address in and not the FQDN.
I was under the impression it was the wifi client that sends the DNS request, and the client LAN is set up so it can talk to a DNS server that knows the FQDN. Can anyone please confirm if this is correct?
Also if I am forced to use an IP address is there any way of hiding the IP address on the user's screen so they cannot see the private IP address of the ISE server they are redirected to?
Solved! Go to Solution.
05-27-2022 04:02 AM
The most common setup that I've come across when using the guest portal on Cisco ISE is to utilize FQDN with a publicly signed certificate so the end-user sees a user-friendly URL and doesn't get a certificate warning.
So that definitely works.
Can you verify that the client is able to resolve the FQDN?
(perhaps by trying to ping or nslookup the FQDN in command line while connected to the guest network, but prior to login.)
If the guest network devices are assigned an external/public DNS for DNS resolution, the FQDN needs to be publicly resolvable.
05-27-2022 04:02 AM
The most common setup that I've come across when using the guest portal on Cisco ISE is to utilize FQDN with a publicly signed certificate so the end-user sees a user-friendly URL and doesn't get a certificate warning.
So that definitely works.
Can you verify that the client is able to resolve the FQDN?
(perhaps by trying to ping or nslookup the FQDN in command line while connected to the guest network, but prior to login.)
If the guest network devices are assigned an external/public DNS for DNS resolution, the FQDN needs to be publicly resolvable.
05-27-2022 05:27 AM
You can use FQDN. Is the guest client able to resolve the FQDN? Does your default ACL on the wireless controller allow DNS?
05-30-2022 11:27 AM - edited 05-30-2022 11:27 AM
Please review the instructions in ISE Guest Access Prescriptive Deployment Guide > Configure an ACL to Redirect Guest Devices to the ISE Guest Portal for your redirect ACL and that should do it.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide