TAC case logged for this problem a few days ago, TAC engineers still unable to find solution
A number of Guest users are unable to login to the ISE guest Portal page, some days a particular Guest can login other days the same Guest cannot. This varies day to day. When the Guest is unable to login, I simply remove their mac address on the Foreign and Anchor WLC's. Then straight after, they can login successfully.
Guest connects to the Guest SSID, obtain a DHCP, enter a website in the browser like google.com, Guest is redirected to ISE guest portal login page, Guest tries to login with their credentials. Rather than showing an error in the browser, the username/password icons return blank after clicking login. After I remove the Guest mac address from Foreign & Anchor WLC, user enters credentials again in their browser and success! user logs in fine.
Attached is an example where a4:17:31:4f:4a:82 is an affected Guest.
Attached output includes debug client a4:17:31:4f:4a:82 and debug aaa all enable.
I should say also ISE troubleshoot logs normally show either 8009 or 86010 user authentication failed for the particular Guest, after deleting the mac address on WLC's, guets login in ok, live authenctiation log turns green for user. ISE logs look clean though I did see a ISE latency Radius message a few days ago but hasn't repeated.
TAC have been working on my case since mid November. Finally I solved on a temporary basis a week ago.
I increased the Radius Authentication from 2 seconds to 10 seconds on all my WLC's for ISE Radius, after this there were no more user complaints. If anyone is interested, please note the below.....from the TAC engineer.
Thank you a lot for the update! Really, great finding.
Yes, sure: the latency bug is CSCuj47338 - Radius response delays seen on ISE with large Internal User store.
I have news on the fix: it potentially will go to the patch 7 for the
1.2.0 (at the end of February or March) and it should be fixed in 1.2.1 as well. Just to reiterate - for 1.3 there is no need to worry - the fix should be there.
There is nothing more we can do on this one, but just to wait.
Hi All,We have 9100 AP trying to join on 9800 WLC. When AP try to join controller it gives below error Sending Join request to 172.16.31.66 through port 5254Discarding msg CAPWAP_WTP_EVENT_REQUEST(type 9) in CAPWAP state: Join(5)Discarding msg CAPWAP...
Hello, I hope somebody has a solution for the issue I am facing. I have 2 WAP150's, both with firmware 126.96.36.199, and I am not able to save a specific change. Under Wireless > Radio > Advanced Settings > Legacy Rate Sets I can unselect ra...
Hey Guys,I Have several 1600 Series AP's (AIR-CAP1602I-ZK9) that was working with WLC before, I changed them with 1800 series but would like to use 1600 Access Points series independently and without WLC for somewhere else, so I want to know do they...
This event was scheduled for September 23rd, but it has been moved to November 10 due to complex and unexpected circumstances. We apologize for all the issues this may cause.
Community Live- All Things LTE…4G, 5G and Whatever’s Next
(Live event - formerly...