08-07-2019 06:31 AM - edited 07-05-2021 10:49 AM
When i connecting in my SSID, no automatic redirect to https://1.1.1.1/
But when i enter url https://1.1.1.1 with my hands everything is ok working !
My config:
WLAN Identifier.................................. 16
Profile Name..................................... Guest-WEB
Network Name (SSID).............................. Guest-WEB
Status........................................... Enabled
Web Based Authentication...................... Enabled
Web Authentication Timeout.................... 300
IPv4 ACL........................................ web-acl
IPv6 ACL........................................ Unconfigured
Web-Auth Flex ACL............................... Unconfigured
Web Authentication server precedence:
1............................................... ldap
2............................................... local
3............................................... radius
Web-Passthrough............................... Disabled
Mac-auth-server............................... 0.0.0.0
Web-portal-server............................. 0.0.0.0
Conditional Web Redirect...................... Disabled
Splash-Page Web Redirect...................... Disabled
##
(Cisco Controller) show>custom-web wlan 16
WLAN ID: 16
WLAN Status................................... Enabled
Web Security Policy........................... Web Based Authentication
Global Status................................. Enabled
WebAuth Type.................................. Internal
###
WLC -> Management -> HTTP-HTTPS
HTTP-HTTPS Configuration:
HTTP Access - Disable
HTTPS Access - Enabled
WebAuth SecureWeb - Enabled
HTTPS Redirection - Enabled
Web Session Timeout - 30 Minutes
##
My Preauthentication ACL :
(Cisco Controller) show>acl detailed web-acl
Source Destination Source Port Dest Port
Index Dir IP Address/Netmask IP Address/Netmask Prot Range Range DSCP Action Counter
------ --- ------------------------------- ------------------------------- ---- ----------- ----------- ----- ------- -----------
1 Any 0.0.0.0/0.0.0.0 10.0.253.20/255.255.255.255 17 0-65535 53-53 Any Permit 468
2 Any 10.0.253.20/255.255.255.255 0.0.0.0/0.0.0.0 17 53-53 0-65535 Any Permit 466
3 Any 0.0.0.0/0.0.0.0 10.1.254.20/255.255.255.255 17 0-65535 53-53 Any Permit 2
4 Any 10.1.254.20/255.255.255.255 0.0.0.0/0.0.0.0 17 53-53 0-65535 Any Permit 2
5 Any 0.0.0.0/0.0.0.0 1.1.1.1/255.255.255.255 Any 0-65535 0-65535 Any Permit 0
6 Any 1.1.1.1/255.255.255.255 0.0.0.0/0.0.0.0 Any 0-65535 0-65535 Any Permit 9159
DenyCounter : 12069
Full config in attachment.
04-23-2020 05:36 AM
Update:
My laptop is now able to connect to the SSID and a web browser automatically is displayed with the url for the portal, but displayed with an error that is 'site cant be reached'
DNS record is in place stating the url name of the ISE server ip address.
WLC has acl rule in place allowing UDP/DNS and TCP8443 to ISE server
@Marc0 wrote:Hi
im having similar issues however I’m setting my re-direct to my ISE box.
The issue I’m expecting is where my windows 10 device is connect to the guest SSID but it is not auto loading a web page with the re-direct url.
The WLC is on code 8.3.113 and ISE on 2.3(patch 4)
04-23-2020 05:55 AM
04-23-2020 06:50 AM
so nslookup is resolving to the correct IP address, of the server and not a virtual address ie 2.2.2.2 for example.
Have looked at ISE to see if I can change the portal to be tcp/443 only and its design to be tcp 8000 - 8999, so have left it on 8443
04-23-2020 07:26 AM
04-23-2020 08:11 AM
Hi
We use private addressing.
Ive tried telnet and its failing so im seeing how I go about enabling it on the ISE unit.
FYI
My setup is both WLC and ISE sitting inside my network and not in the DMZ like most models would refer to.
04-23-2020 08:45 AM
04-23-2020 10:42 AM
04-23-2020 11:26 AM
04-23-2020 12:19 PM
04-23-2020 11:02 PM
04-24-2020 12:45 AM
04-24-2020 01:19 AM
04-24-2020 01:56 AM
04-24-2020 03:46 AM
04-24-2020 04:46 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide