03-09-2015 09:31 AM - edited 07-05-2021 02:40 AM
I am setting up Cisco wireless along with ISE 1.3 for guest wireless. The client is going to use the self-registration portal for guest wireless users. I followed this Cisco doc to configure the self-registration portal:
I tested this in my home lab and everything works fine. However, at the client users are not getting IP addresses from the DHCP server. This is the same DHCP server that is used for corporate wireless and if you connect that SSID, you get an IP address. I have looked what I configured at home and the client and everything looks the same. In the back of my mind, I feel something is missing, but I can't figure out what it is.
Edit: Not sure if this makes a difference or not, but they are using a Nexus 5K for their core switch and it hosts the SVI for this network.
Let me know what information you need and I will post it.
TIA,
Dan
03-10-2015 07:29 AM
Hello,
Some verifications below :
Did you verify if DHCP Proxy is enabled in wlc's wlan interface ? Case DHCP proxy is disabled, did you verify if the ip helper address is enabled in Nexus SVI ?
DHCP Scope is enabled in the DHCP Server or is enabled in the WLC ?
Verify if Trunk in the switch is enabled correctly passing all VLANs to WLANs ?
Verify if ACL to redirect configured in the WLC is allowing DHCP Server and DHCP Client to client receive IP Address and ports 8443 to Cisco ISE and DNS to resolve some address and get access to ISE Portal ?
The scenario is Local Switching or Central Switching ?
Regards
03-10-2015 07:34 AM
We figured out what the issue is, but not how to resolve it (yet). I did open a TAC case since this is getting more critical to fix since it's crunch time The TAC engineer tried everything she could, but to no avail. She suggested putting switchport in the vlan that guest wireless users are in and see if I can get an IP that way. I did that this morning and I couldn't get one. So, there is something else going on with that SVI. It's configured the same way as the one for the corporate wireless, so I am stumped as to why that doesn't work.
03-10-2015 07:53 AM
Ok deyster.
When you solve the problem with TAC, post the problem solution here.
Thanks.
03-10-2015 09:00 AM
The issue is fixed. There was a route pointed to the wrong next hop on their MPLS router.
03-16-2015 02:37 AM
Please refer to the link for configuring guest access in ISE 1.3-
http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/admin_guide/b_ise_admin_guide_13/b_ise_admin_guide_sample_chapter_01111.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide