Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1248
Views
5
Helpful
2
Replies

Wireless Guest is stuck in Sponsor Guest Portal after he authenticates successfully and browses anything online

Go to solution
hbaytie01
Level 1
Level 1

‎05-18-2018 02:35 PM - edited ‎02-21-2020 10:56 AM

Hi,

 

I configured Wireless Guest using Cisco ISE 2.0 Wireless Guest Setup Wizard, everything looks okay regrading the configuration and the user wants he connects to the WLAN he is able to self register his self and gets the password. After he enters the credentials and he typed anything like google.com, he is redirected to the Sponsor guest portal where he is asked to enter the credentials again and again. I saw i similar case but it is was a different setup with WLC (Anchor+Foreign). https://supportforums.cisco.com/t5/aaa-identity-and-nac/looping-authentication-page-after-successful-login-cisco-ise/td-p/2570492 

 

Any Help???

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
dacabrer
Cisco Employee
Cisco Employee

‎05-18-2018 05:40 PM - edited ‎05-20-2018 06:11 AM

Hi,

 

Two possible scenarios:

 

- ISE is not receiving the CoA-ACK from the WLC; you should be able to confirm this by looking in the RADIUS live logs for a Dynamic Authorization Failure. Port 1700 could be blocked or the CoA feature is not enable in the WLC (or it is just not responding back)

- Policy issue; the Network Access EQUALS Guest Flow then PermitAccess is missing

 

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html

 

Best regards,

 

-dacabrer

View solution in original post

2 Replies 2

Go to solution
dacabrer
Cisco Employee
Cisco Employee

‎05-18-2018 05:40 PM - edited ‎05-20-2018 06:11 AM

Hi,

 

Two possible scenarios:

 

- ISE is not receiving the CoA-ACK from the WLC; you should be able to confirm this by looking in the RADIUS live logs for a Dynamic Authorization Failure. Port 1700 could be blocked or the CoA feature is not enable in the WLC (or it is just not responding back)

- Policy issue; the Network Access EQUALS Guest Flow then PermitAccess is missing

 

 

https://www.cisco.com/c/en/us/support/docs/security/identity-services-engine/116087-configure-cwa-wlc-ise-00.html

 

Best regards,

 

-dacabrer

Go to solution
hbaytie01
Level 1
Level 1

‎05-20-2018 01:43 AM

 The CoA feature wasn't enabled in the Radius Server WLC:

 

WLC.png

0 Helpful
Customers Also Viewed These Support Documents