cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
305
Views
5
Helpful
3
Replies
Highlighted
Beginner

ISE and WLC(5508)-Guidance?

Evening,

 

Here's a fun "where's Waldo" for anyone interested

Let's say I have a couple hundred AP's connected to 4x 5508 WLC's.

2 WLC's are for Buildings A,B,C,D.

2 other WLC's are for building E,F,G,H

All 4 WLC's point to the same ISE 2.3.

3 WLAN's exist across all 4 WLC's

SSID_old used 802 with Web Auth (Impulse Safeconnect device)

SSID_new and SSID_new_guest use Radius/PEAP and allow authentication via AD credentials and Captive Portal for the guest to login via AD creds OR guest use.

All WLANS work authenticating on buildings A,B,C,D.

Buildings E,F,G,H..... that's another story.

SSID_New prompts for your AD credentials, takes them, authenticates user fine. When you go to brownse, you get redirected to the Impulse Safeconnect, which is where the RUB is.

Where would I find this redirection after successfull PEAP auth?

 

 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Master

Re: ISE and WLC(5508)-Guidance?

Come to think of it, is your old portal being redirected from the FW or router?  Once the WLC places the traffic in the network, it’s not redirecting anything. So unless you have an appliance inline that hijacks the session, that could be it, but you should look at the existing design to see where the other configurations are being set. I’m assuming you are using the same subnet?

-Scott
*** Please rate helpful posts ***
3 REPLIES 3
Hall of Fame Master

Re: ISE and WLC(5508)-Guidance?

It’s your allowed protocols and policies that is allowing that. Look at your radius logs and see which policy a device is hitting.
-Scott
*** Please rate helpful posts ***
Hall of Fame Master

Re: ISE and WLC(5508)-Guidance?

Come to think of it, is your old portal being redirected from the FW or router?  Once the WLC places the traffic in the network, it’s not redirecting anything. So unless you have an appliance inline that hijacks the session, that could be it, but you should look at the existing design to see where the other configurations are being set. I’m assuming you are using the same subnet?

-Scott
*** Please rate helpful posts ***
Beginner

Re: ISE and WLC(5508)-Guidance?

Thanks Scott,

Inline appliance listening on the same subnets as the AP groups.

Reconfigured and running now.

CreatePlease to create content