Solved: WLC retain previous SSID connection, while in ISE & enduser shows user connected to new SSID

Shazni Ibrahim · ‎02-12-2019

So we have newly deployed ISE in our environment.

We have new and old SSID. New SSID is using ISE.

Problem description:

From ISE logs, the user already allowed network access and is connected to new SSID.

But for some reason, the user doesn't seem to have network/internet access.

When I check inside WLC, the user seems still connected to the old SSID.

Action taken:

So what I did was, I remove the user endpoint from WLC.

After that, reconnect back to the new SSID, and confirmed in WLC it is connected to the new SSID.

Question:

From ISE point of view, it did send the CoA and give access to the enduser, but from WLC it seems like the enduser still retaining the previous session (with old SSID).

What was happening actually as I can't quite figure out why WLC still retaining the previous session, while the user is already connected to another SSID.

Thanks in advance.

Jason Kunst · ‎02-13-2019

Is Fast ssid change turned on for WLC?

recommended code is 8.3+

Is 2.2 with latest patch should be enough but 2.4 is our latest recommended long term release

View solution in original post

Mohammed al Baqari · ‎02-13-2019

What OS version is running on WLC. I suggest to start looking at the recommended OS for ISE integration and move to it. Below for ISE 2.4 with WLC

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/compatibility/b_ise_sdt_24.html#ciscowlcs

Jason Kunst · ‎02-13-2019

Is Fast ssid change turned on for WLC?

recommended code is 8.3+

Is 2.2 with latest patch should be enough but 2.4 is our latest recommended long term release

Jason Kunst · ‎02-13-2019

https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-3/config-guide/b_cg83/b_cg83_chapter_0100001.html#ID2375