
Guest CWA web authentication issue with ISE and 9800 WLC

Hi,

We are facing issues in guest CWA web authentication, as the guest user needs to authenticate twice to get access to the guest WiFi network. We have 9800 WLCs on 16.12.4a flash version with a foreign-anchor setup for the guest user VLAN. As per the ISE logs and the user experience, he successfully passes authentication in the first instance, and when he tries to browse the internet the login page is redirected, and when he puts in the credentials a second time he is successfully connected to the internet. So the user is able to access the guest network after entering the credentials twice, even though the first attempt is successful.

 

For testing, we tried the setup using a guest user VLAN on the foreign side and ran the test without the foreign-anchor setup for the guest VLAN. In that scenario the guest authentication works fine and only a one-time login is required.

 

Please suggest on the same.

5 Replies

Grendizer
Cisco Employee

The Anchor WLC doesn't need to know about ISE (RADIUS), and actually there is no communication between the Anchor and ISE (RADIUS), but you will need to have the same ACL on both Foreign and Anchor. So, remove the ISE config from the Anchor.

Hi,

Thanks for your reply. We tried disabling RADIUS accounting from the policy sets on the anchor WLC; still the issue remains the same. What else needs to be removed? Please suggest.

 

It's not just accounting; you don't need to configure the Anchor with ISE RADIUS at all. If that's needed for some reason for other SSIDs, then you can remove the related config from the CWA WLAN.

Hi,

 

We tried removing the ISE (RADIUS) configuration from the anchor, but still the issue remains the same. The client needs to authenticate twice in the guest portal to get connected to the guest network using CWA.
