04-15-2024 06:15 AM - edited 04-15-2024 06:30 AM
Hello,
We are experiencing issues with guest access in one of our APAC locations. People who are trying to connect to "guest" SSID are getting IP address from the correct VLAN and sponsor portal is displayd properly. However, after typing their login credentials, although they get message saying that from now on they have internet access, when they try to access any website sponsor portal appears again and authentication process starts from the beginning. I've checked policy configuration on Cisco ISE and it's the same as in other sites. What's more, we can clearly see on the firewall that there's an internet traffic from the guest host to the internet and in the opposite direction. Nothing is being blocked. Any ideas?
04-15-2024 06:39 AM
It does seem that the order of the authorization rules in ISE might not be correct and as if the guest users hit the redirection rule again instead of hitting the guest flow allow rule. Also, please check the CoA is enabled as it would be needed in this case.
04-15-2024 07:06 AM
Authorization rules are correct. The same rules are configured for the other region.
04-15-2024 08:47 AM
First point to check is check live log
Check authc authz and policy set for cleint' are it correct or not?
MHM
04-15-2024 09:29 AM
Is CoA enabled on the WLC? if so, I would raise this with TAC.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide