Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5867
Views
0
Helpful
6
Replies

ISE Guest Redirection- Chrome Web Browser

Go to solution
awatson20
Level 4
Level 4

‎11-07-2019 05:38 AM

We are using ISE 2.4 patch 9 for guest access, and are encountering an issue with the redirection process on Windows 10 devices.  After connecting to the guest SSID, windows detects the captive portal and will launch the edge browser by default and you successfully get redirected to the Guest Portal page.  The browser is redirecting to a microsoft page. (https://go.microsoft.com/) However, if I change the default browser to "Chrome", I get redirected, but I receive error This site can’t be reached go.microsoft.com unexpectedly closed the connection.  It takes multiple attempts to various sites to finally get the redirect to work, or if I enter in an HTTP site only it works.  Any suggestions?

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to awatson20

‎11-08-2019 08:40 PM

You might be hitting CSCvi41578

View solution in original post

0 Helpful
6 Replies 6

Go to solution
varma10
Level 1
Level 1

‎11-07-2019 06:13 AM

I think your wireless LAN controller is not enabled to intercept https traffic. Verify on the WLC if the secure web-auth redirect is enabled or disabled. You can do this by issuing command "show network summary" on WLC and look for "Web Auth Secure Redirection". This should be enabled. 

 

If disabled, then issue command "config network web-auth https-redirect enable".

0 Helpful

Go to solution
awatson20
Level 4
Level 4
In response to varma10

‎11-07-2019 06:55 AM

We do have this currently disabled.  My question would be why do the other browsers not have this issue, and what is the disadvantage to enabling this?  I believe from reading it is not advised to enable HTTPS redirect on the wireless controllers, or is this something that is a recommended best practice now?

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to awatson20

‎11-07-2019 10:34 AM - edited ‎11-07-2019 10:46 AM

HTTPS redirect would be definitely recommended as alot of the browser auto launch try to call HTTPS site. Everything is going https. Unfortunately even with everything perfect i always run into issues roaming the world with various guest systems not auto launching on laptops and phones with DNS and caching issues.

 

All else fails you can ask users to go to http site. such as http://enroll.cisco.com 

 

Do you have a well known certificate deployed in ISE? If its not and using self-signed that might be the issues. Example HSTS errors?

 

More information can be found by looking at the following guides on setup and certificates

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475

https://community.cisco.com/t5/security-documents/how-to-implement-digital-certificates-in-ise/ta-p/3630897

 

If all else fails open TAC case 

0 Helpful

Go to solution
awatson20
Level 4
Level 4
In response to Jason Kunst

‎11-12-2019 05:21 AM

Do you have a well known certificate deployed in ISE? If its not and using self-signed that might be the issues. Example HSTS errors?  We have a standard SSL certificate through godaddy signed and loaded in ISE associated with the guest portals.  Is that what you were referring to, and would that be correct?

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee
In response to awatson20

‎11-08-2019 08:40 PM

You might be hitting CSCvi41578

0 Helpful

Go to solution
awatson20
Level 4
Level 4
In response to hslai

‎11-12-2019 05:18 AM

We are not using Chrome 65.  We are on Chrome 78.  

0 Helpful
Customers Also Viewed These Support Documents