ISE no redirect to origin URL after guest login

Unanswered Question
Dec 23rd, 2013
Hi, is there a possibility to redirect a guest user to the origin URL after he logged in successfully?

Right now the attached file is what the user sees after login.


Thanks!

Saurav Lodh Wed, 02/12/2014 - 03:39

The first method is local web authentication. In this case, the WLC redirects the HTTP traffic to an internal or external server where the user is prompted to authenticate. The WLC then fetches the credentials (sent back via an HTTP GET request in the case of an external server) and makes a RADIUS authentication. In the case of a guest user, an external server (such as Identity Services Engine (ISE) or NAC Guest Server (NGS)) is required because the portal provides features such as device registering and self-provisioning. The flow includes these steps:

  1. The user associates to the web authentication Service Set Identifier (SSID).

  2. The user opens the browser.

  3. The WLC redirects to the guest portal (such as ISE or NGS) as soon as a URL is entered.
  4. The user authenticates on the portal.

  5. The guest portal redirects back to the WLC with the credentials entered.

  6. The WLC authenticates the guest user via RADIUS.

  7. The WLC redirects back to the original URL.

This flow includes several redirections. The new approach is to use central web authentication. This method works with ISE (versions later than 1.1) and WLC (versions later than 7.2). The flow includes these steps:

  1. The user associates to the web authentication SSID, which is in fact open+macfiltering and no layer 3 security.

  2. The user opens the browser.

  3. The WLC redirects to the guest portal.

  4. The user authenticates on the portal.

  5. The ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) to indicate to the controller that the user is valid, and eventually pushes RADIUS attributes such as the Access Control List (ACL).

  6. The user is prompted to retry the original URL.
