Hi all
this is my environment, two wlc 8520 in HA foreign, two wlc 5508 in HA configured anchor, one ssid configured for guest access and cisco ise for captive portal with use of CWA.
For dhcp/dns/http redirect we open firewall port from dynamic interface/subnet on wlc anchor to dhcp/dns and cisco ise psn.
For radius flow we open firewall port from management interface/subnet on wlc foreign to cisco ise psn.
for tunnel EoIP we open other fw port described on doc fw port matrix, and the tunnel was up and work properly.
these flows are correct ?
when the client attempt to connect, from a span port on a switch we can' t see request to the radius.