collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: ISE 2.3 and Cisco Web Auth not working  (Read 36365 times)

bposner

  • Guest
ISE 2.3 and Cisco Web Auth not working
« on: September 01, 2017, 07:20:17 AM »
anyone else here got a 2.3 install running? i cannot get my guest setup working. we updated from 2.2 to 2.3 and i had to recreate the whole policy set but got it all working again in the end with the exception of the guest wifi rules. but the thing is even the DEFAULT captive web auth doesn't seem to be working either.

so i setup a lab with a fresh 2.3 install connecting to a lab WLC. i can get a user to connect to the SSID but they NEVER get redirected to the PSN for login to the guest portal. they just get full access and go right out to the web with no login at all. live logs show the user's system connecting and getting throw into the Wifi_Redirect to Guest Login authZ policy but they never get any prompts! and like i said this is happening on our new 2.3 install and on a FRESH, out of the box 2.3 LAB setup.

bposner

  • Guest
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #1 on: September 01, 2017, 09:18:46 AM »
was asked to check if my ACL name referenced in my AuthZ profile matched the ACL written on the WLC and to be safe i rebuilt them again.

cannot upload screenshots (the tiniest of JPEGs) tho...

bposner

  • Guest
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #2 on: September 01, 2017, 09:33:23 AM »
attempting to upload screenshot of the client's auth details

bposner

  • Guest
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #3 on: September 01, 2017, 09:34:01 AM »
screenshot of the live log from the ISE console

bposner

  • Guest
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #4 on: September 01, 2017, 09:35:13 AM »
screenshot of default policy set i'm using

bposner

  • Guest
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #5 on: September 01, 2017, 09:35:59 AM »
screenshot of the Cisco_WebAuth_TEST AuthZ profile i'm using referencing the ACL on the WLC

bposner

  • Guest
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #6 on: September 01, 2017, 09:36:30 AM »
screenshot of the REDIRECT acl as defined on the WLC

bposner

  • Guest
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #7 on: September 01, 2017, 01:12:10 PM »
i found a few issues with my setup.  :o
 
1) i forgot to enable Radius NAC for the two SSIDs i had been testing with. that was a major break through. With that setting enabled I was finally getting a redirection page opening on my test client.
 
2) because i was using an Anchored WLC setup i also had to have the redirection url applied on the anchor WLC which explains why we weren't seeing any of the hit counters on the main WLC.
 
once i got both of those squared away and setup a guest account to test with it was in business.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: ISE 2.3 and Cisco Web Auth not working
« Reply #8 on: September 14, 2017, 08:34:06 PM »
Thanks for sharing your findings. Usually if you see ISE returning redirect URL to WLC but client is not redirected, it's usually WLC config issue. Adding anchor WLC certainly make things a little trickier. SSID config on both WLC and anchor should always be identical.

 

Related Topics

  Subject / Started by Replies Last post
1 Replies
16881 Views
Last post October 03, 2013, 11:43:58 PM
by MC
2 Replies
31459 Views
Last post July 20, 2014, 04:52:11 PM
by MC
2 Replies
25539 Views
Last post February 09, 2015, 10:54:52 AM
by ozone007
1 Replies
25051 Views
Last post January 02, 2018, 04:51:14 AM
by MC
1 Replies
80893 Views
Last post March 11, 2018, 09:06:31 PM
by MC

SimplePortal 2.3.7 © 2008-2024, SimplePortal