Cisco Support Community
Community Member

Cisco ISE 1.2 Guest Portal customization with vWLC redirect

Hello Support Community,

We have a problem regarding customized web authentication on ISE 1.2 with Package We have a Virtual Wireless Controller where we do a redirect to ISE. When we use the default guest portal on https://x.x.x.x:8443/guestportal/Login.action, authentication and authorization work fine. When we redirect to Cisco templates on https://x.x.x.x:8443/guestportal/portals/example/Login.html, the customized login page is displayed, and after correct authentication the guest successful page is displayed, but we can't go to any webserver although ISE shows authentication and authorization as successful. When we try to reach a webserver after successful authentication, we get redirected to the customized login site. The Virtual Wireless Controller shows the client as "Webauth Required" after successful authentication. Central Web Authentication isn't possible because we have a different AAA server for 802.1X and only use wired guest access on a particular VLAN from the WLC. Are there any known issues regarding the customization template, or is there something wrong regarding our redirect?


I hope somebody can help us.


Best Regards



Cisco Employee


Hello Benjamin-

Can you:

1. Post screenshots of your WLAN configuration tabs?

2. Check the logs in the WLC and see if there are any errors for that client/MAC address.

3. You can issue a debug (in the CLI) for that MAC address in the WLC and post the results back here.


Also, I am a bit confused on your statement about not being able to use CWA. The CWA is not tied to 802.1x so you should be fine using it for your SSID.


Thank you for rating helpful posts!

Community Member


Hello Neno,

1. I attached screenshots below.

2. There is nothing related to this client.

3. I attached Debug below.

We are currently using MAB on our switches as a fallback to our 802.1X on our wired access. Order and Priority currently is 802.1X/MAB/Auth-Fail-VLAN. CWA is based on a failed MAC-Authentication which leads to an Authorization Profile to permit access with Webauth.
If you configure Wired guest access on WLC there isn't a possibility to configure MAC-Authentication.
CWA on our switches isn't possible because we are currently using failed MAC-Authentication to direct clients to our Auth-Fail-VLAN which has restricted access secured by SVI-ACL which allows us HTTP Access to printers (manual Cert Deployment) and automated Cert enrollment to our computers.


Best Regards



Cisco Employee


Hmm that is very strange. It is acting as if the Pre-Auth ACL is not being removed after successful authentication. A couple more questions:

1. Can you edit the authorization profile and set it not to reference an ACL, and then test it again?

2. What version of code are you running on your WLC?


On the CWA side: you can definitely enable CWA on your wireless network without affecting your wired deployment. If you are using ISE 1.2, you can utilize "Policy Sets" and configure the server so it applies different AAA policies to wired, wireless, VPN, etc. If you don't have 1.2 running, then you can make your "conditions" more specific, thus separating wireless from wired.

Community Member


1. Currently there is only a "permit access" authorization profile without referenced ACL.


2. 7.6.120


If you setup a wired guest "WLAN" on WLC there is no possibility of configuring MAC Filtering. Therefore CWA is not possible in our scenario.

Cisco Employee


Are you saying that once you authenticate with the custom portal, it loops back to the login page again? What ISE version and patch are you on?





Community Member

Hello,

I authenticated with the custom portal and was redirected to "Default Authentication Success Page" (not customized) and when I entered the original URL again I was redirected to "Default Login Page".

ISE Version and patch is:


