Re: Problem with sponsor portal on Cisco ISE

lnw-team · ‎04-15-2024

Hello,

We are experiencing issues with guest access in one of our APAC locations. People who are trying to connect to "guest" SSID are getting IP address from the correct VLAN and sponsor portal is displayd properly. However, after typing their login credentials, although they get message saying that from now on they have internet access, when they try to access any website sponsor portal appears again and authentication process starts from the beginning. I've checked policy configuration on Cisco ISE and it's the same as in other sites. What's more, we can clearly see on the firewall that there's an internet traffic from the guest host to the internet and in the opposite direction. Nothing is being blocked. Any ideas?

Aref Alsouqi · ‎04-15-2024

It does seem that the order of the authorization rules in ISE might not be correct and as if the guest users hit the redirection rule again instead of hitting the guest flow allow rule. Also, please check the CoA is enabled as it would be needed in this case.

lnw-team · ‎04-15-2024

Authorization rules are correct. The same rules are configured for the other region.

MHM Cisco World · ‎04-15-2024

First point to check is check live log

Check authc authz and policy set for cleint' are it correct or not?

MHM

Aref Alsouqi · ‎04-15-2024

Is CoA enabled on the WLC? if so, I would raise this with TAC.