cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
823
Views
0
Helpful
3
Replies

Wired Guest-LAN with CWA via Cisco ISE?

Hi, 

I have 2 controllers (5508's) one acting as foreign one acting as anchor, I want to create a guest wired LAN but have Cisco ISE handle the CWA.

I have created the guest-lan, bound it to a vlan and have trunked the VLAN to my swicthport. guest access works fine If I disable the web URL redirect. 

However I am having issues redirecting clients to ISE on the wired guest lan to perform the CWA - 

However, when I apply the above config my client dosent seem to get properly redirected, the browser displays the following:

https://darl-portal.derbyshire.gov.uk:8443/?switch_url=https://1.1.1.1/login.html&client_mac=54:ee:75:53:e6:d6&wlan=WIRED-GUEST&redirect=google.com/

and then the browser times out

any ideas???

3 Replies 3

I have performed a capture on a client, I can see 2 way transport between ISE and the client, so the WLC must been pusing the client towards ISE but still getting the browser timeout 

Craig,

Did you ever find a solution to this issue? 

We are trying to enable guest wired in a similar fashion.  In our case, client gets redirected to ISE portal but after entering correct credentials, client receives success message within browser tab, however client does not have access to the network.  The WLC shows client is still in webauth_required.  The WLC is not receiving auth from ISE to allow client on to network.

Any input appreciated.

Mike.

Jake Sullivan
Level 1
Level 1

Remove the Layer 3 security.  This as long as the auth servers are setup, the redirect will go directly to the them to authenticate.  (ISE splash page).

TAC did that for me and now i get the splash page.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: