Cisco Support Community
Community Member

Cisco ISE Guest portal



I want to configurate guest portal(Central Web authentication)  for wireless client on Cisco ISE. I confuse that:

Must i configure redirect ACL in switch? If yes which access-group or which interface i applied this redirect ACL? 

I read that must be create redirect ACL in WLC. 


Hello Teymur,The redirect ACL

Hello Teymur,

The redirect ACL need to be configured on WLC. This ACL is referenced in the access−accept of the ISE and defines what traffic should be redirected (denied by the ACL) and what traffic should not be redirected (permitted by the ACL). Basically, DNS and traffic to/from the ISE needs to be permitted.

For further details go through this document:


"Please rate helpful posts"

Community Member

I also do my configuration

I also do my configuration form these guide. In this guide write that:

reate the Authorization Profile

On the ISE, the authorization profile must be created. Then, the authentication and authorization policies are configured. The WLC should already be configured as a network device.

In the authorization profile, enter the name of the ACL created earlier on the WLC.

  1. Click Policy, and then click Policy Elements.
  2. Click Results.
  3. Expand Authorization, and then click Authorization profile.
  4. Click the Add button in order to create a new authorization profile for central webauth.
  5. In the Name field, enter a name for the profile. This example uses WLC_CWA.
  6. Choose ACCESS_ACCEPT from the Access Type drop-down list.
  7. Check the Web Redirection check box, and choose Centralized Web Auth from the drop-down list.
  8. In the ACL field, enter the name of the ACL on the switch that defines the traffic to be redirected. This examples usescwa_redirect.

this confuse me. 

Cisco Employee

the ACL which you are

the ACL which you are referring to cwa_redirect should be configured on WLC not on switch if client type is wireless


Hi,check the below link for


check the below link for configuration example for Switch and WLC.

CreatePlease to create content