
Cisco 9800 anchor web auth external redirect not working

codflanglers2
Level 1

Hi all

I have a 9840 set up as a foreign controller with a 9800-L as an anchor running 17.3.4c. The mobility tunnel is up OK and the anchor is set as export anchor.

I have set up a guest WLAN to do web auth to an external site. When I connect a client to the guest WLAN it goes to run state on the foreign but sits at web auth pending on the anchor. The client never gets the redirect and hence eventually times out.

If I then go to the portal manually, I can eventually authenticate and get to the run state on both controllers. So looks like the backend authentication is all working as it should, but this is obviously not how it should work.

I basically took the working config from the 5500 and replicated that as much as possible for the 9800s, but it's just not doing the redirect.

Some other points:

We already have some older 5500 series acting in the same way (foreign/anchor) with external redirect to the same portal and these continue to function.

I have done packet captures and I do not seem to see the web redirect from either controller to the client.

Any ideas? I was going to try and upgrade to version 17.6.5 to see if that made a difference just in case there's an undocumented bug I am hitting, but to be honest I think I'm missing configuration somewhere or I've done something wrong.

4 Replies

Hello

Do you have ISE? Who is managing the guest portal, the ISE or the WLC?

codflanglers2
Level 1

No Cisco ISE. We are using Aruba ClearPass for the guest portal. As I say, this is already a working solution on the older 5500 series WLCs, which are still running fine.

Essentially all we needed to do was add the new WLCs to the ClearPass device group, which is the thing that would be referenced.

 

 I've seen in the past some problems related to the portal not opening and basically it was related to ACL or DNS resolution. 

Your scenario is not a simple one as it involves a mix of WLC IOS (AirOS and IOS-XE) and third-party RADIUS.

I'd recommend this link for guidance, if you did not reach it already, and besides that, I would go to debug and see if something arises in the logs.

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/217931-configure-9800-wlc-and-aruba-clearpass.html#anc17

 

How was the redirect issue resolved? I am having the same issue, not getting the redirect from the 9800 to a ClearPass portal. I have tried a mix of deny DHCP, DNS, and allow HTTP along with tying in a parameter map and authentication list to the layer 3 webpolicy.
