01-30-2017 06:20 AM - edited 07-05-2021 06:27 AM
Hi,
I have 2 controllers (5508's) one acting as foreign one acting as anchor, I want to create a guest wired LAN but have Cisco ISE handle the CWA.
I have created the guest-lan, bound it to a vlan and have trunked the VLAN to my swicthport. guest access works fine If I disable the web URL redirect.
However I am having issues redirecting clients to ISE on the wired guest lan to perform the CWA -
However, when I apply the above config my client dosent seem to get properly redirected, the browser displays the following:
and then the browser times out
any ideas???
01-30-2017 07:50 AM
I have performed a capture on a client, I can see 2 way transport between ISE and the client, so the WLC must been pusing the client towards ISE but still getting the browser timeout
04-21-2017 05:08 AM
Craig,
Did you ever find a solution to this issue?
We are trying to enable guest wired in a similar fashion. In our case, client gets redirected to ISE portal but after entering correct credentials, client receives success message within browser tab, however client does not have access to the network. The WLC shows client is still in webauth_required. The WLC is not receiving auth from ISE to allow client on to network.
Any input appreciated.
Mike.
05-26-2017 08:37 AM
Remove the Layer 3 security. This as long as the auth servers are setup, the redirect will go directly to the them to authenticate. (ISE splash page).
TAC did that for me and now i get the splash page.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide