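The WLC model is C9800-L-C-K9.
With the AP configured in local mode + central web authentication integrated with ISE, the authentication page pops up normally and login succeeds.
After changing the AP to FlexConnect mode, I found that the authentication page no longer pops up. The FlexConnect configuration follows the "Flexconnect Local Switching Access Points ONLY" section of https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213920-central-web-authentication-cwa-on-cata.html, and the policy ACL has already been configured on the flexconnect group.
When the AP connects to the Guest network, the console reports: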
Mar 1 08:17:59.123: %CLIENT_EXCLUSION_SERVER-5-ADD_TO_BLACKLIST_REASON_DYNAMIC: Chassis 1 R0/0: wncmgrd: Client MAC: a21e.d39e.5c59 was added to exclusion list associated with AP Name:CN-WF6-AP29, BSSID:MAC: e44e.2d46.1b61, reason:Redirect ACL failure
Mar 1 08:17:59.123: %SESSION_MGR-5-FAIL: Chassis 1 R0/0: wncd: Authorization failed or unapplied for client (a21e.d39e.5c59) on Interface capwap_90000004 AuditSessionID 1F41A60A0000003F448EA6D5. Failure Reason: Redirect ACL Failure.
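The web page shows the user status as: web auth pending
However, FlexConnect mode and local mode reference the same ACL, so I don't quite understand why authentication works in local mode while the authentication page does not pop up in FlexConnect mode.
Are there any good troubleshooting approaches?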