
Catalyst 9800: Flexconnect AP + Anchored Guest WLAN + CWA (MAB) + non-ISE RADIUS server

JPavonM
VIP

Hi community,

We are facing an issue while configuring Guest WLAN with MAB and Pre-Auth ACL in IOS-XE 16.1x. It may be related to the 3rd-party RADIUS server (ForeScout) and maybe not.

Client associates > Pre-Auth ACL and redirect ACL are applied > Client opens Splash Page to register > Client registers and receives token > Client disconnects > Client reconnects and Splash Page is in Loading Status, and then Failure.

Client can resolve URL redirection, and can ping DNS server.

The status of the client in the anchor is: "Policy Manager State: Webauth Pending"

Other AAA parameters:

Auth Method Status List
Method : MAB
SM State : TERMINATE
Authen Status : Success
Local Policies:
Service Template : wlan_svc_CENTRAL-2-ANCH-GUEST (priority 254)
Vlan Group : dmz_c-guest
Absolute-Timer : 1800
Server Policies:
URL Redirect ACL : C-Guest-Pre-Auth
URL Redirect : https://guestwifi.abc.com/captiveredirect/a?t=E401DA2C7B8B85B0
Resultant Policies:
VLAN Name : c-guest_x
URL Redirect ACL : C-Guest-Pre-Auth
URL Redirect : https://guestwifi.abc.com/captiveredirect/a?t=E401DA2C7B8B85B0
Vlan Group : dmz_c-guest
VLAN : x
VLAN Name : c-guest_x
Anchor VLAN : 0
Absolute-Timer : 1800

In ForeScout we see reauthentication and authorization succeed for that MAC addr, an accounting session is created, WLAN association status is "Associated/Run", and WLAN Client connectivity Status is "Yes".

Meanwhile, for BYOD WLAN using PEAP and same Anchor everything is working fine.
