cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2541
Views
0
Helpful
4
Replies

ISE with CWA and wired guest access via WLC Anchor

Nicholas Poole
Level 1
Level 1

Can an Anchor WLC (WLCa) provide a wired guest LAN service if the wlan guest access is using CWA?

We are deploying a WLAN only ISE solution (it is a full license ISE though) but they just want a few wired guest ports.  I was hoping to add L2 switch to the DMZ where the WLCa is and that the L2 switch wouldnt need any other config as the WLCa just bridges the wired to the wlan vlan.  This Im sure i have done before.

So now I have set wiredguest the same as i have done before ISE and my wired clients get an IP address, but when they redirect, the URL they get is different, and the redirect just doesnt work.

It comes out as:

https://my_ise_ip:8443/guestportal/Login.action?switch_url=https://my_ise_host/login.html&wlan=my_wired_guest_lan&redirect=www.google.co.uk

So does my simple L2 only switch need an ISE config on it or should the WLCa be handling or the redirection just as it would for a wlan device.

4 Replies 4

Tarik Admani
VIP Alumni
VIP Alumni

Nicholas,

Can you post the screenshot of the authentication report  in ISE for when the wired authentication hits the redirection authorization profile?

Thanks,

Tarik Admani
*Please rate helpful posts*

The ISE never receives an auth entry, so i dont believe the redirect is working for the wired client.  So even though the clients browser gets a redirect url which fails connection, the client info in the WLCa doesnt have a redirect ACL listed like a wlan client would

Can you post the screenshots of the Layer 3 security settings?

Thanks,

Tarik Admani
*Please rate helpful posts*

sorry to drag up this old topic but i am having something very similar 

please see my post

 https://supportforums.cisco.com/discussion/13213831/wired-guest-lan-cwa-cisco-ise

can anyone assist??