Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
724
Views
0
Helpful
0
Replies

CWA Guest WLAN with ISE (in SDA fabric)

aleopoldie
Level 3
Level 3

‎03-06-2020 03:04 PM - edited ‎07-05-2021 11:49 AM

Hello,

 

I am facing an issue and perhaps someone can help me here.

I have a SDA fabric with 2 x 9800 in SSO cluster mode, 2 ISE in the LAN; configured for the 802.1x SSIDs (let's say they have IP address 10.0.0.12 and 10.0.0.13). We have configured these 2 ISE on the DNAC and it has been pushed on all our fabric devices, 9800 included.

We also have 2 other PSN ISE in the DMZ (let's say 10.0.0.14 and 10.0.0.15) with guest portal, that we want to use for the guest redirection. We configured a template editor with the correct ACL, and we are well redirected, but we are facing Error 400, because the request is always sent to the LAN ISEs and not to the DMZ ISEs, so the portal is never showing.

 

We tried to configure the ISE servers 10.0.0.14 and 10.0.0.15 manually on the 9800, and changed the configuration of the guest SSID to match a specific AAA method list which is linked to the DMZ ISE, but it's never working.

On the client session on the 9800, we see that the good redirect URL is sent to the client, with IP address 10.0.0.14:8443, but on the ISE Radius live logs, we see that the 10.0.0.12 is always answering to the request ...

 

Did someone face the same issue ? I hope I explained my issue correctly.

 

Thank you.

 

Léo

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card