Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
239
Views
0
Helpful
4
Replies

ISE hotspot page not loading on Guest SSID

connor-jaques
Level 1
Level 1

‎07-17-2024 02:37 PM

We are in the process of moving from On-Prem ISE 2.7 to Azure 3.3 - fresh build.

AP's are Cisco Meraki, none of the guest SSID setup has been changed bar the Radius server IP's.

Guest portal is DNS resolvable from AP subnet & from ISE however when connecting to the SSID portal fails to ever load. Routing is fine since if I define a static IP in the policy result it loads.

I can also take the full redirect URL and browse on corporate SSID which resolves no issues.

Any thoughts?

 

0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎07-17-2024 03:51 PM

what kind of certs you using?

after connecting, can you try manually access the URL ? (if the redirect failing ?)

what is difference between Corporate SSID and Guest SSID DNS ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

connor-jaques
Level 1
Level 1
In response to balaji.bandi

‎07-18-2024 01:34 AM

I have a wildcard certificate issued by a public authority on my Guest splash.

Manually I am also unable to access.

Corporate SSID is using internal DNS servers.

Guest SSID is using Google DNS.

AP's have internal DNS since as per this doc it's the AP's which DNS resolve the splash page? - https://documentation.meraki.com/MR/Encryption_and_Authentication/CWA_-_Central_Web_Authentication_with_Cisco_ISE

One thing to note is this is working perfectly fine with my ISE 2.7. The only differences are:

- Radius server in SSID config

- DNS name of the splash page

 

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to connor-jaques

‎07-20-2024 01:23 AM

 

 

Is the portal is FQDN ?  - is the FQDN can be resolved using Google DNS.

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/216191-troubleshoot-common-cisco-ise-guest-acce.html

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

connor-jaques
Level 1
Level 1
In response to balaji.bandi

‎07-20-2024 05:04 AM

The portal does have an FQDN associated to it's IP address yes. The FQDN is resolved from an internal DNS server - the AP has no issues resolving this.

The client can access the portal IP through the Meraki walled garden config.

0 Helpful
Customers Also Viewed These Support Documents