09-02-2014 09:47 AM - edited 07-05-2021 01:28 AM
I have allowed all IP to the ISE servers from the DMZ where the Guest 5508 WLC sits. I see requests coming in from a WLAN configured on the inside WLC, but nothing from the SSID that comes from the WLC within the DMZ; it is a mobility anchor for the guest network on all my WLCs. What needs to be opened for this communication? Or will the mobility anchor type of setup not work in the ISE world? I have uploaded the config of the guest WLC. We are on 7.6.130.
09-02-2014 10:01 AM
According to the config you posted, you do have an ACL configured, but I don't see it applied anywhere.
Is the WLC really in the DMZ? And if it is, are you allowing the mgmt subnet back through the firewall?
HTH,
Steve
09-02-2014 10:58 AM
Yes, it is within a DMZ. The ACL isn't applied to this WLAN yet as we are in the testing phase. In ISE I see requests coming from a WLC within the network; this WLC passes guest traffic to the WLC in the DMZ. The WLC has all IP open to the ISE servers. Looks like a simple RADIUS config, but is there some other protocol that needs to be let through?
09-02-2014 11:02 AM
If you are allowing all IP from the WLC, I'd check the FW and make sure you are allowing that communication to go through.
HTH,
Steve
09-02-2014 11:44 AM
Does the anchor controller send this request? I see nothing from the WLC through the monitor in my ASA firewall for any WLAN traffic. Only talking back to the other controllers. I'm confused over how this traffic flows: the main WLC holds the SSIDs, and the guest is handed off to the guest controller through the mobility, but does the request to the RADIUS or ISE servers come from the guest controller or the main controller the APs belong to?