Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1003
Views
5
Helpful
3
Replies

ISE and WLC(5508)-Guidance?

Go to solution
gciarrocchi
Level 1
Level 1

‎08-24-2018 06:45 PM - edited ‎07-05-2021 09:01 AM

Evening,

 

Here's a fun "where's Waldo" for anyone interested

Let's say I have a couple hundred AP's connected to 4x 5508 WLC's.

2 WLC's are for Buildings A,B,C,D.

2 other WLC's are for building E,F,G,H

All 4 WLC's point to the same ISE 2.3.

3 WLAN's exist across all 4 WLC's

SSID_old used 802 with Web Auth (Impulse Safeconnect device)

SSID_new and SSID_new_guest use Radius/PEAP and allow authentication via AD credentials and Captive Portal for the guest to login via AD creds OR guest use.

All WLANS work authenticating on buildings A,B,C,D.

Buildings E,F,G,H..... that's another story.

SSID_New prompts for your AD credentials, takes them, authenticates user fine. When you go to brownse, you get redirected to the Impulse Safeconnect, which is where the RUB is.

Where would I find this redirection after successfull PEAP auth?

 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Scott Fella

‎08-24-2018 10:53 PM

Come to think of it, is your old portal being redirected from the FW or router?  Once the WLC places the traffic in the network, it’s not redirecting anything. So unless you have an appliance inline that hijacks the session, that could be it, but you should look at the existing design to see where the other configurations are being set. I’m assuming you are using the same subnet?

-Scott
*** Please rate helpful posts ***

View solution in original post

3 Replies 3

Go to solution
Scott Fella
Hall of Fame
Hall of Fame

‎08-24-2018 07:09 PM

It’s your allowed protocols and policies that is allowing that. Look at your radius logs and see which policy a device is hitting.
-Scott
*** Please rate helpful posts ***
0 Helpful

Go to solution
Scott Fella
Hall of Fame
Hall of Fame
In response to Scott Fella

‎08-24-2018 10:53 PM

Come to think of it, is your old portal being redirected from the FW or router?  Once the WLC places the traffic in the network, it’s not redirecting anything. So unless you have an appliance inline that hijacks the session, that could be it, but you should look at the existing design to see where the other configurations are being set. I’m assuming you are using the same subnet?

-Scott
*** Please rate helpful posts ***

Go to solution
gciarrocchi
Level 1
Level 1
In response to Scott Fella

‎08-30-2018 06:49 AM

Thanks Scott,

Inline appliance listening on the same subnets as the AP groups.

Reconfigured and running now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card