10-25-2016 02:08 PM - edited 03-11-2019 12:11 AM
We have two ISE nodes (v2.0.0.306), one primary and one set to secondary. We are suddenly having an issue with clients authenticating with wifi. When a client connects to a particular guest wifi network they get the 400 bad request error. If we go to
10-26-2016 09:25 AM
Make sure that you are redirecting to the same ISE that your WLC is actually sending its RADIUS requests to, otherwise it will fail. The easiest way is to simply not change the "host name" field at all, leave it unused, as ISE will fill in the proper ISE server dynamically.
Remember that the WLC can choose to use either of the ISE servers. If any client fails to authenticate, ISE will stop responding, which can trigger the WLC to try and use the other ISE server. So check your ISE logs, to see which ISE gets the MAB request initially, and see if it's the same ISE you are getting redirected to.
The CA Service is not related to portals.
10-26-2016 09:31 AM
So should we uncheck the "Static IP/Host name/FQDN" option under the "Web Redirection (CWA, MDM, NSP, CPP)" settings? Assuming this will allow ISE to auto decide?
10-26-2016 09:36 AM
Exactly.
You should be aware that ISE will use its own configured FQDN by default when it auto-selects what should be in the redirect URL. If you need to change that, due to DNS/certificate contents or others, you can do alias commands in the CLI, or create one authorization rule that matches per ISE server, that then sends two different hardcoded FQDNs.
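The log check suggested in this thread (compare the ISE node that handled the MAB request with the host in the redirect URL), as an added example that is not part of the original posts. The record fields, node names, session IDs and the alias map are constructed assumptions; adapt them to whatever your RADIUS log export actually contains.

```python
from urllib.parse import urlsplit

# Constructed sample: one record per MAB authentication, e.g. exported from
# the RADIUS logs. Field names and values are assumptions for this example.
SAMPLE_AUTHS = [
    {"session": "0a0a0a01000000015811f2a1", "psn": "ise01.example.com",
     "url_redirect": "https://ise01.example.com:8443/portal/gateway"
                     "?sessionId=0a0a0a01000000015811f2a1&action=cwa"},
    {"session": "0a0a0a01000000025811f2b7", "psn": "ise02.example.com",
     "url_redirect": "https://ise01.example.com:8443/portal/gateway"
                     "?sessionId=0a0a0a01000000025811f2b7&action=cwa"},
    {"session": "0a0a0a01000000035811f2c9", "psn": "ise02.example.com",
     "url_redirect": "https://guest2.example.com:8443/portal/gateway"
                     "?sessionId=0a0a0a01000000035811f2c9&action=cwa"},
]

# Hypothetical alias map: extra portal names that point at a specific node
# (for example when an alias or a hardcoded per-node FQDN is in use).
ALIASES = {"guest1.example.com": "ise01.example.com",
           "guest2.example.com": "ise02.example.com"}


def redirect_node(url, aliases):
    """Return the node a redirect URL points to, resolving known aliases."""
    host = (urlsplit(url).hostname or "").lower()
    return aliases.get(host, host)


def find_mismatches(auths, aliases=ALIASES):
    """List sessions whose redirect goes to a node other than the one that
    answered the RADIUS request; that node holds no session for the client."""
    mismatches = []
    for rec in auths:
        target = redirect_node(rec["url_redirect"], aliases)
        if target != rec["psn"].lower():
            mismatches.append((rec["session"], rec["psn"], target))
    return mismatches


if __name__ == "__main__":
    for session, psn, target in find_mismatches(SAMPLE_AUTHS):
        print(f"{session}: RADIUS handled by {psn}, redirect points to {target}")
```

A session listed here is one where the WLC used one ISE server while the redirect URL names the other, which is the condition described above.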
09-29-2017 01:15 AM