09-18-2019 09:07 AM
Hello,
I have 2 ISE nodes Version 2.4, Running in Primary Admin and secondary Admin and PSN on both setup.
I am running Radius, TACACS+ and Guest services.
My Radius and Tacacs are working fine.
2 Issues I am facing in my guest setup
1.In Guest access self registration after connecting on Guest SSID redirect URL is giving error (400 bad request) on Guest client machine .
2. When I am doing Portal test URL traffic is redirecting to secondary server.
09-18-2019 09:12 PM
Hi Mateen,
1. Are you getting a 302 redirect in response to initial GET request on client machine or you do get a 302 redirect with redirect URL but when the browser tries accessing that, it shows the error 400 bad request ?
2. ISE will decide which node to be presented for portal unless you statically define which node's IP to be used for guest services
Regards,
Dinesh Moudgil
P.S. Please rate helpful posts.
09-18-2019 10:41 PM
Hi mate,
What's the status that you see for the connection on the WLC.
Does it says WEBAUTH_REQD?
Do you see the redirect URL on that session on the WLC?
Can you share the live logs showing on ISE?
Regarding the other PSN handling the guest traffic, it is possible that:
1. If you have configured on WLC primary and secondary AAA server, there was a recent disconnection to the primary which has triggered the traffic to failover the secondary. And RADIUS fallback option is not enabled.
2. Could be an issue on the Authorization profile pointing to a 2nd FQDN.
3. Could also be natting or firewall issues on the path basing from that error.
But again, it would be clearer if you can send the detailed logs on both ISE and WLC.
Cheers,
Raffy
09-19-2019 04:06 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide