- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2021 12:12 AM - edited 07-02-2021 09:37 PM
I am having a strange issue with WLC 9800 17.3 configured for guest wifi access in CWA scenario. It seems that whenever user is trying to access web page WLC is presenting its own certificate instead of redirecting to url provided by ISE. Any idea what could be causing this
Solved! Go to Solution.
- Labels:
-
Wireless LAN Controller
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2021 05:21 AM
Personally yes i guess so as long as working, just monitor - test it, take feedback from users (is the best ) to see all working as expected.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2021 01:57 AM
we are not sure how the configuration done at your end : best is i suggest look at below document provide more information, how the redirecting taking place :
Look at the below document :
look at the thread :
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2021 04:18 AM
it seems like we found the issue. This is Foreign/Anchor setup with CWA
used to authentication. What we found out was that we had
ip http server (on Foreign)
and
no ip http server (on Anchor)
we are running 17.3.1
What fixed it was doing it the other way arround
no ip http server (Foreign)
ip http server (Anchor)
and it started working. Now, I am not sure does this make sense?
The problem was seen as after MAB phase ISE would return ACL + redirection
URL to Foreign WLC but user would never be redirected to this url for some
reason
After the change explained above the things started working
Is this expected behavior?
Regards
Nino
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-30-2021 05:21 AM
Personally yes i guess so as long as working, just monitor - test it, take feedback from users (is the best ) to see all working as expected.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-09-2021 10:39 AM
you can keep (no ip http server) on both WLCs Foreign and Anchor but you need to do the below:
conf t
parameter-map type webauth global
webauth-http-enable
Starting from 17.3.1 there is new cli commands to enable/disable http/https on the WebAuth, this was listed here in the release notes https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/17-3/release-notes/rn-17-3-9800.html
