Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2504
Views
7
Helpful
2
Replies

ISE CWA Redirect loop

Go to solution
david dawn
Level 1
Level 1

‎05-19-2022 07:10 AM - edited ‎05-19-2022 07:15 AM

Guest Wifi ISE

Afternoon all,  I've been tasked to set up  Guest WIFI.

 

The bit I'm struggling with is the very last stage,  In summary I'm using Self Register Portal. This Portal allows users to register for WIFI once it is approved and user signs in, it is looping back to the sign in page rather than just connecting them to internet,  I know this is my fault but I'm not sure where I need to edit in ISE to allow them to carry onto being authenticated and then sent to Google page which is what is currently set.

 

This is my set up, please see pics attached.

 

To summarise all is working apart from when signing in from portal it just loops back to the portal page:( I think I'm policy set could be wrong to push it to next stage but I'm very new on this so struggling.

 

Thanks.

David.

Preview file
28 KB
Preview file
34 KB
Preview file
77 KB
Preview file
68 KB
1 Accepted Solution

Accepted Solutions

Go to solution
Arne Bier
VIP
VIP

‎05-19-2022 10:50 PM

Hi @david dawn 

 

Your Authorization Policy is missing a Rule. The very fiest rule must be one to check the Endpoint - you can do it either by checking whether the endpoint is in the GuestEndpoints Identity Group (or whatever Endpoint Group you're using), use use the other method that relies on session persistence

 

options.png

 

Then the next rule after that is the TEST_GUEST_CWA ( redirection) 

 

The Guest Prescriptive Guide. Very good.

 

View solution in original post

2 Replies 2

Go to solution
Arne Bier
VIP
VIP

‎05-19-2022 10:50 PM

Hi @david dawn 

 

Your Authorization Policy is missing a Rule. The very fiest rule must be one to check the Endpoint - you can do it either by checking whether the endpoint is in the GuestEndpoints Identity Group (or whatever Endpoint Group you're using), use use the other method that relies on session persistence

 

options.png

 

Then the next rule after that is the TEST_GUEST_CWA ( redirection) 

 

The Guest Prescriptive Guide. Very good.

 

Go to solution
david dawn
Level 1
Level 1
In response to Arne Bier

‎05-20-2022 02:14 AM

Hello Arne,

 

Thank you for the reply, this is working now I understand my error/lack of knowledge in this area lol.

I'll be honest I don't think all these are needed in the Authorisation profile but they are there from me experimenting more than anything.

When I tested yesterday I got to the portal i signed for a account then it go approved manually on admin portal, i logged in and it went in and took me to google.com   I had a issue with Iphones then not loading the captive portal so i did some research and found under WLAN on the WLC you need to disabled captive portal bypass this is something that then allows the redirect page on the iphone to automagically load.

Thanks for you're response.

David.

 

Preview file
56 KB
0 Helpful
Customers Also Viewed These Support Documents