cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
554
Views
0
Helpful
4
Replies

Guest WLC not talking to ISE it is in a DMZ

Mark Jensen
Level 1
Level 1

I have allowed all IP to the ISE servers from the DMZ the Guest 5508 WLC sits. I see requests coming in from a WLAN configured on the inside WLC but nothing from the SSID that comes from the WLC within the DMZ it is a mobility anchor for the guest network on all my WLC's.  What needs to be opened for this communication? or will the mobility anchor type setup not work in the ISE world?  I have uploaded the config of the guest WLC we are on 7.6.130

4 Replies 4

Stephen Rodriguez
Cisco Employee
Cisco Employee

According to the config you posted, you do have an ACL configured, but i don't see it applied anywhere.

 

Is the WLC really in the DMZ? and if it is, are you allowing the mgmt subnet back through the firewall?

 

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Yes it is within a DMZ, the ACL isnt applied to this wlan yet as we are in testing phase. In ISE I see requests coming from a WLC within the network, this WLC passes guest traffic to the WLC in the DMZ  the WLC has all IP Open to the ISE servers. Looks like a simple radius config but is there some other protocol needs to be let thru?

if you are allowing all IP from the WLC, I'd check the FW and make sure you are allowing that communication to go through.

 

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

Does the anchor controller send this request? I see nothing from teh WLC thru the monitor in my ASA firewall for any WLAN traffic. Only talking back to the other controllers.  I'm confused over how this traffic flows, the main WLC holds the SSID's the Guest is handed off to the Guest controller thru the mobility but does the request to the radius or ISE servers come from the guest controller or the main controller the AP's belong to?

Review Cisco Networking for a $25 gift card