07-17-2024 02:37 PM
We are in the process of moving from On-Prem ISE 2.7 to Azure 3.3 - fresh build.
AP's are Cisco Meraki, none of the guest SSID setup has been changed bar the Radius server IP's.
Guest portal is DNS resolvable from AP subnet & from ISE however when connecting to the SSID portal fails to ever load. Routing is fine since if I define a static IP in the policy result it loads.
I can also take the full redirect URL and browse on corporate SSID which resolves no issues.
Any thoughts?
07-17-2024 03:51 PM
what kind of certs you using?
after connecting, can you try manually access the URL ? (if the redirect failing ?)
what is difference between Corporate SSID and Guest SSID DNS ?
07-18-2024 01:34 AM
I have a wildcard certificate issued by a public authority on my Guest splash.
Manually I am also unable to access.
Corporate SSID is using internal DNS servers.
Guest SSID is using Google DNS.
AP's have internal DNS since as per this doc it's the AP's which DNS resolve the splash page? - https://documentation.meraki.com/MR/Encryption_and_Authentication/CWA_-_Central_Web_Authentication_with_Cisco_ISE
One thing to note is this is working perfectly fine with my ISE 2.7. The only differences are:
- Radius server in SSID config
- DNS name of the splash page
07-20-2024 01:23 AM
Is the portal is FQDN ? - is the FQDN can be resolved using Google DNS.
07-20-2024 05:04 AM
The portal does have an FQDN associated to it's IP address yes. The FQDN is resolved from an internal DNS server - the AP has no issues resolving this.
The client can access the portal IP through the Meraki walled garden config.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide