Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3135
Views
10
Helpful
6
Replies

Login page loop for guest Wifi - ISE-ARUBA Integration

Go to solution
LPAUCISCO
Level 1
Level 1

‎02-23-2017 05:33 PM - edited ‎03-11-2019 12:29 AM

I've got Aruba instant AP's using ISE for Guest authentication.

Users are authenticated successfully but it returns to login page again instead of redirection to original URL.

Radius logs shows the authentication is successful but it's not picking any authorization policy for some reason.

1 person had this problem
Labels:
Preview file
53 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
bersand.mejdiovski
Level 1
Level 1

‎09-20-2022 04:08 AM

Hello,

I had the same problem, but I have resolved it. I used two different roles on Aruba one guest-redirect where I would redirect it to the cisco ISE portal and the other one guest-authenticated where I give internet access only and make sure that you do not enable "Download Role" on the Access tab when you create the SSID.  On the Cisco ISE side also create two authorization profiles one for CWA where you would send the "Aruba-User-Role = guest-redirect" and the other one where you would send the "Aruba-User-Role = guest-authenticated. This has worked for me. I hope that will help you too.

View solution in original post

6 Replies 6

Go to solution
Gagandeep Singh
Cisco Employee
Cisco Employee

‎02-23-2017 08:30 PM

Hi,

Seems like COA is not happening. Could you please confirm the following:

1) Send the screenshot of ACL on WLC.

2) Check if WLC is configured for COA

Security > Radius > Authentication 

Check if Support for COA is enabled.

http://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/115732-central-web-auth-00.html#anc5

Regards

Gagan

PS: rate helpful posts!!!!!

0 Helpful

Go to solution
LPAUCISCO
Level 1
Level 1
In response to Gagandeep Singh

‎02-23-2017 09:21 PM

Hi Gagan,

COA is enable in radius definition on Aruba controller but it looks it's using port 5999 which is a bit strange.

Predefined port for Aruba device in ISE is 3799.

Screen shot attached.

Preview file
56 KB
Preview file
49 KB
0 Helpful

Go to solution
Gagandeep Singh
Cisco Employee
Cisco Employee
In response to LPAUCISCO

‎02-24-2017 08:39 AM

To be honest, I have never seen different ports on both WLC and SERVER.

If you can make it 3799 and see if that makes any difference.

Regards

Gagan

0 Helpful

Go to solution
Ruelb2214
Level 1
Level 1

‎06-13-2022 07:23 PM

Hello,

 

I'm facing the same issue, portal page keeps looping.

 

Did you resolve the issue?

 

Please share

 

0 Helpful

Go to solution
bersand.mejdiovski
Level 1
Level 1

‎09-20-2022 04:08 AM

Hello,

I had the same problem, but I have resolved it. I used two different roles on Aruba one guest-redirect where I would redirect it to the cisco ISE portal and the other one guest-authenticated where I give internet access only and make sure that you do not enable "Download Role" on the Access tab when you create the SSID.  On the Cisco ISE side also create two authorization profiles one for CWA where you would send the "Aruba-User-Role = guest-redirect" and the other one where you would send the "Aruba-User-Role = guest-authenticated. This has worked for me. I hope that will help you too.

Customers Also Viewed These Support Documents