cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4255
Views
0
Helpful
9
Replies

ISE wireless web authentication for guest management not redirecting

yong khang NG
Level 5
Level 5

Hi forumers'

I face the problem that after connecting to the wireless guest network, it won't redirect me to the ISE guest portal . This happen on my iPhone. The iPhone is running on iOS 5.0.1

Whilst on workstation it's working well.

attach the snapshot of what happen on the iPhone.

Any clue to torubleshoot? Thanks

Noel

9 Replies 9

Tarik Admani
VIP Alumni
VIP Alumni

Noel,

The issue is related to dns, but please make sure that the iphone is being authenticated and assigned to the correct authorization profile.

You can try to manually enter in the ip address of the ISE server or verify that the dns information is correct.

thanks,

Tarik Admani

Hi,

Thanks for reply. I trying to connect the Guest SSID with workstaion and iPhone. Workstation working fine on the guest portal redirection but it not working well on iPhone, if this is DNS problem it won't able to redirect successfully...

Sorry to ask again on hehalf of your statement
"You can try to manually enter in the ip address of the ISE server or verify that the dns information is correct."

what should i do on this?

Thanks

Noel

Hi, i tot of something, would it be browser problem?

With the iphone just type in the ISE ipaddress manually along with path and port 8443 just like the original fqdn redirect-url that is sent back to the controller.

if you are able to verify that then check the dns setting on the iphone by going to the settings for the wireless client.

Settings > "SSID" > "right arrow" > DNS (verify that this is the correct dns and that the search domain is also correct.

It is not a browser issue, but are you using a self signed cert at the moment? If so, it should warn you but I am not 100 percent certain on how the browser reacts it should just forward you on.

Hi

I still fail whilst i testing on my iPhone.

I'm not using ISE self-signed certificate, i create CSR and signed by root CA server. So once i try to connect it won't prompt me the "accept ceritficate"

My WLC local auth certificate verdor certificate is signed by the same root CA server as well.

So i test on desktop to run safari broswer, it able to redirect to ISE guest portal.

Can please suggest more troubleshooting guide?

Thanks

This is how the outcome for the safari broswer

Noel

also with the WLC web auth cert

MICHAEL KEEMLE
Level 1
Level 1

I am having the same issue.  It appears that only Apple I devices running 5.X have issues with authenticating to the ISE appliance.   I have tested IPads running 4.2.1 IOS, Androids, Windows workstation, and even a Cisco CIUS.  All of the work as expected.  It appears only the IPhone and IPads running 5.x are having issues.

Some of these issue appear to be caused by the IPhone and IPad running 5.x not profiling correctly but I have also seen the issue where the IPhone will redirect to the ISE Guest portal page and keep redirecting to the same page after the guest credentials are input.  Any help is appreciated

Hi Michael,

Sorry for late reply.

Well it seems like a universal problem now. My case was every notebook/workstation able to do Local webAuth, but not for handheld device.

Cisco suggest me to try WLC 7.2 using CWA that happen on ISE. Will work and try on it, anything find out will post here.

Thanks

Noel

Hi everybody

I know this problem with iOS and Apple devices (OS X clients >= 10.7) and another guest solution. The apple devices try to connect to the certificte revocation list (CRL) and if they are blocked by the web auth page, the page is not loaded.

I don't know the ISE in detail (yet), but try to whitelist the certificate CRL URL.

Best regards

Dominic