
Wireless Hotspot for guest with ISE2.6 is failing

Hi guys,

As part of a POC, I started working to set up a wireless hotspot for guests on a WLC 5520 (code 8.5.161.0) integrated with our DEV ISE 2.6 for webpage redirection and authentication & authorization. I followed all the Cisco recommended steps and the setup is completed (not sure if I missed any small thing); however, clients are not able to join this new SSID called PublicWiFi.

Issues:

Clients are not getting a DHCP IP address, nor are they getting redirected to the login page.

I tried creating a DHCP pool directly on the core switch and even on a local DHCP server; however, both are failing. Also, there are no RADIUS live logs. But I captured debug logs from the WLC and attached them here.

 

Steps I did:

- Created new SSID (PublicWiFi), new interface publicwifi with a new subnet, ISE IP address configured as RADIUS server

- Created new VLAN, SVI; DHCP scope created on DHCP server

- 2 ACLs configured on the WLC, one for redirect and a second for internet access & to block internal subnets

- In ISE, created a hotspot guest portal, associated endpoint group, authorization profile and authentication policy under the policy set

 

I will attach here all screenshots from my WLC and ISE server. Please verify them and ask me if you need any more information.

 

Thanks,

Sushant

 

 

 

3 Replies

If you simply make it an open SSID, will the client get an IP address? I would start from there.

 

Hope you are following something like below

https://community.cisco.com/t5/security-documents/ise-guest-access-prescriptive-deployment-guide/ta-p/3640475 

 

HTH

Rasika

*** Pls rate all useful responses ***

Hi Rasika,

 

I changed the L2 security to None and unchecked MAC filtering; the client is able to connect to the open SSID and can access the internet without any issues. Yes, I'm following that link, and the setup is done in both WLC and ISE the same way. I changed back to MAC filtering on and NAC state as ISE NAC; this time the client is not able to connect to the SSID.

 

 

 

Thanks,

Sushant

Not sure if you need MAC filtering on the WLC for this.
Besides that, make sure your pre-authentication ACL allows the DHCP packets.