Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2370
Views
0
Helpful
4
Replies

ISE integration with Arista Wifi

Go to solution
cxo-179682
Level 1
Level 1

‎10-20-2020 11:33 PM

Hello,

 

I'm currently testing integration between our ISE 2.6 with Arista AP for the Guest and BYOD portal, but running into some issues, the flow would be typically standard whereby user will connect to guest or byod SSID respectively, and get redirected to the ISE Portal page for authentication,  but im not getting any HTTP page redirection at all. 

 

Below are the documentation from Arista :

https://wifihelp.arista.com/post/integration-with-cisco-ise/?pdf=981

https://wifihelp.arista.com/post/role-based-access-control-for-radius-mac-authentication?term=role%20profile&page=1

 

I'm in the midst of checking with Arista on the AP configuration, but would like to cover my base for ISE configs as well, if anyone got any direction where i may have misconfigured

 

Thanks in advance

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cxo-179682
Level 1
Level 1

‎10-30-2020 11:08 PM

Found the redirection issue, and it's the laptop, used another laptop and ipad, redirection works perfectly. 

But im faced with another challenge which im trying for Guest Portal :

1- Client connect to Guest SSID

2- Arista AP redirects to ISE Guest Portal 

3- Client entered username and password, accepted AUP and then nothing happens.. 

Checked on the ISE logs, it's not hitting any policies at all, only stated it's a Guest Identity store, no matching Authentication/Authorization policy. But the client manages to logon and it just stuck there.. no OK button to proceed or anything.. 

 

Any clue ?

 

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Mohammed al Baqari
Level 11
Level 11

‎10-20-2020 11:41 PM

I have not tested Aristra, but in Cisco WLC/AP you need to deny the traffic
to web on http and https (except http to ISE) for redirection to trigger.
This is in addition to enabling HTTP access.

Do you have this enabled? Otherwise, check in Arista docs on how to trigger
HTTP redirection.


**** please remember to rate useful posts
0 Helpful

Go to solution
cxo-179682
Level 1
Level 1
In response to Mohammed al Baqari

‎10-21-2020 12:23 AM

Thanks for your reply, I did check on Arista docs, nothing mentioned for the ACL, only need to enable HTTP Redirection with ISE URL. But i've tried your suggestion and it's still not popping any ISE Portal page when i connect to the SSID.

0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to cxo-179682

‎10-21-2020 12:33 AM

First make sure that you are browsing HTTP page. NOT HTTPs. Sometime the
browser will go to HTTPS page because its cached.

If still same, do a packet capture on your client and see if you receive
302 HTTP response from Arista when trying to browse google for example. If
not you need to open a ticket with Arista.

***** please remember to rate useful posts
0 Helpful

Go to solution
cxo-179682
Level 1
Level 1

‎10-30-2020 11:08 PM

Found the redirection issue, and it's the laptop, used another laptop and ipad, redirection works perfectly. 

But im faced with another challenge which im trying for Guest Portal :

1- Client connect to Guest SSID

2- Arista AP redirects to ISE Guest Portal 

3- Client entered username and password, accepted AUP and then nothing happens.. 

Checked on the ISE logs, it's not hitting any policies at all, only stated it's a Guest Identity store, no matching Authentication/Authorization policy. But the client manages to logon and it just stuck there.. no OK button to proceed or anything.. 

 

Any clue ?

 

0 Helpful
Customers Also Viewed These Support Documents