08-17-2012 03:37 AM - last edited on 03-25-2019 05:29 PM by ciscomoderator
Can an Anchor WLC (WLCa) provide a wired guest LAN service if the wlan guest access is using CWA?
We are deploying a WLAN only ISE solution (it is a full license ISE though) but they just want a few wired guest ports. I was hoping to add L2 switch to the DMZ where the WLCa is and that the L2 switch wouldnt need any other config as the WLCa just bridges the wired to the wlan vlan. This Im sure i have done before.
So now I have set wiredguest the same as i have done before ISE and my wired clients get an IP address, but when they redirect, the URL they get is different, and the redirect just doesnt work.
It comes out as:
So does my simple L2 only switch need an ISE config on it or should the WLCa be handling or the redirection just as it would for a wlan device.
08-17-2012 04:21 AM
Nicholas,
Can you post the screenshot of the authentication report in ISE for when the wired authentication hits the redirection authorization profile?
Thanks,
Tarik Admani
*Please rate helpful posts*
08-17-2012 04:30 AM
The ISE never receives an auth entry, so i dont believe the redirect is working for the wired client. So even though the clients browser gets a redirect url which fails connection, the client info in the WLCa doesnt have a redirect ACL listed like a wlan client would
08-17-2012 09:14 AM
Can you post the screenshots of the Layer 3 security settings?
Thanks,
Tarik Admani
*Please rate helpful posts*
02-01-2017 02:41 AM
sorry to drag up this old topic but i am having something very similar
please see my post
https://supportforums.cisco.com/discussion/13213831/wired-guest-lan-cwa-cisco-ise
can anyone assist??
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide