09-30-2016 01:37 PM - edited 03-11-2019 12:07 AM
Network Layout: 2 - Foreign Controllers (1 is in production and 1 is in QA - slated to be the new production) so I am migrating from production to the new controller. 1 - Anchor controller with mobility anchored to both Foreign controllers for guest. 1 - ISE 1.2 server in production and provides guest portal for current production controller. 1 - ISE 2.1 server in QA and will have have the 1.2 migrated over. 2 - Distinct SSIDS on the controllers for guest. 1 - SSID has the AAA server of the 1.2 server and the other SSID has the AAA server of the 2.1 server.
Problem: My current guest portal is on 1.2 and authenticates our guest via CWA with no problem. Using the 2.1 server, anchor controller and new foreign controller I created a new ssid to test the 2.1 guest portal. The problem is I cannot get the new guest portal on the 2.1 server to work. I have followed multiple documents to configure guest, but it still does not work. When I connect to the guest portal I attach to the ssid, client shows connected on both controllers and on the anchor controller I have a NAC State of CENTRAL_WEB_AUTH . The webpage comes up, but never loads and finally errors out with a time out error.
Troubleshooting: I did a debug and what I found is that even though my policy sets on the 2.1 server are setup to push down the url for the 2.1 server for some reason I am seeing hits on my production foreign controller and getting the guest url from the 1.2 server portal.
Question: Is it possible to use an anchor controller to serve up 2 guest portals with 2 seperate ISE servers using separate policies? Isn't the guest request determined by the cisco-av-pair url pushed to the client via the Authorization Policy? Does the anchor controller have any participation in what guest portal a client should use?
Any help would be greatly appreciated.
Bret
10-05-2016 11:43 AM
Bump it up...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide