
ISE 2.1 URL Redirection works randomly


I've a Cisco ISE 2.1 with patch 1 installed and Cisco SG500X as switches.

I've configured Radius-Vlan Assignment Policy with Central Web Authentication redirection.

I've configured DHCP and DNS services on ISE for guest users. DHCP lease time is 300 seconds.

Guest portal on ISE is configured on the same network where DHCP/DNS services are active. This network is completely isolated from other networks.

When there is a new guest on the network, the switch begins a RADIUS communication to ISE.

ISE sends the guest vlan to the switch for the new user. In the authorization policy there is also the information about URL Redirection.

As soon as the MAC address is authorized, the guest PC begins a DHCP request and ISE offers an IP address on the guest VLAN.

After the guest PC has received an IP address, it begins DNS resolution and Cisco ISE replies with its address.

The flow described above works perfectly.

The problem is that web redirection only randomly works correctly.

I notice that URL Redirection works in various scenarios:

- DHCP/DNS Sinkhole as described before (scenario of URL static redirection)

- dynamic redirection with ACL

- without RADIUS authentication with switch port configured with VLAN static access configuration on guest VLAN.

Often web redirection doesn't work but sometimes it works.

When it works, it lasts for a very short period (some minutes).

This situation occurs with different PCs.

This afternoon it worked only once (from 16.25 to 16.29).

I attach my prrt-management.log.

Every log before 15.48 is not valid because the Guest Portal was active on the wrong interface so redirection could occur rightly.

Then I changed the interface and ISE began the reactivation process.

Valid logs are from 16.01.

I don't understand where the problem is. It is very strange that even without the RADIUS protocol, it works randomly.

Is there anyone who can help me?

