01-19-2020 02:35 PM
Hello,
Any help on this one?
I am testing Redirect URL/ACL from ISE to the WLCv for open guest portal access, so the user is authenticated on the portal.
The user is able to connect to the wireless network, receives IP from DHCP server, but is not redirected to the Portal.
Checking the Radius Live logs on ISE for the user connected, I see ISE sends the Av Pairs for Redirect ACL and Redirect URL to the WLCv, so I think ISE is working good, but on WLCv logs for the connected user (Monitor tab, Security Information Section, I see the field for "Redirect URL" correctly populated with the Redirect URL string sent from ISE (which is good), but the field for the redirect ACL is empty (AAA Override ACL Name). I think this field should show the name of the redirect ACL configured on the WLCv and not empty.
Looks like WLCv could be missing something?
Sending some screen shots from ISE and WLCv. Appreciate any help.
On ISE Live radius log detail I see the wireless user is successfuly connected, and the ISE sends the AV Pairs for ACL Redirect name, and Redirect URL.
On WLCv, the client connected entry on Monitor Tab, the Field "AAA Override ACL" is empty (I should see here the redirect ACL name, but is not showing). The Field "Redirect URL" is showing the URL from ISE which is good.
On WLCv, the Redirect ACL "ACL-WEBAUTH-REDIRECT" is configured, and is matching by name the one configured on ISE Authorization profile for this redirection.
ISE config for the Policy set WIRELESS, Authz policy rule "Default" have the Authorization profile "Guest_Redirect" where the redirect ACL name is configured for CWA.
Thanks,
Carlos.
Solved! Go to Solution.
01-20-2020 02:21 PM
If you copied/pasted the ACL name into the ISE AuthZ Profile, make sure you don't have any trailing whitespace characters as they are not really visible when looking at the configuration or logs. I've seen this cause issues in the past.
If there are none, I would suggest opening a TAC case to check for any known bugs in the WLCv code version you're running and investigate further.
Cheers,
Greg
01-19-2020 02:51 PM
On your WLC and under the SSID settings, Advanced tab, do you have "Allow AAA Override" checked?
01-19-2020 03:44 PM
Hi Colby,
I enabled "Allow AAA Override" for the SSID "p0-guest", but still is not showing the redirect ACL on the field "AAA Override ACL".
01-20-2020 02:21 PM
If you copied/pasted the ACL name into the ISE AuthZ Profile, make sure you don't have any trailing whitespace characters as they are not really visible when looking at the configuration or logs. I've seen this cause issues in the past.
If there are none, I would suggest opening a TAC case to check for any known bugs in the WLCv code version you're running and investigate further.
Cheers,
Greg
01-24-2020 02:02 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide