Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

URL Logging for Guest Traffic using Guest Anchor and ISE

Hi there all,

I'm looking for a solution whereby I can log URL information for wireless guest users to ISE. The anchor WLC sits in a DMZ behind an ASA and the ISE is on the internal network. I found this document (see URL below) which is similar but using a NAC Guest Server and not an ISE.

I'm wondering if anyone has managed to do this using ISE?

http://www.cisco.com/en/US/products/ps6128/products_configuration_example09186a0080ac2fda.shtml#wlcc

1 ACCEPTED SOLUTION

Accepted Solutions

URL Logging for Guest Traffic using Guest Anchor and ISE

Hello. I have that scenario working succesfully. The only thing different from the config of the link provided is that you need to specify the UDP port 20514. Please see the following line :

logging host inside 192.168.215.16 17/20514

Here the number 17 means UDP and the number 20514 is the port number.

Please rate if it helps

5 REPLIES

URL Logging for Guest Traffic using Guest Anchor and ISE

Hello. I have that scenario working succesfully. The only thing different from the config of the link provided is that you need to specify the UDP port 20514. Please see the following line :

logging host inside 192.168.215.16 17/20514

Here the number 17 means UDP and the number 20514 is the port number.

Please rate if it helps

New Member

URL Logging for Guest Traffic using Guest Anchor and ISE

Many thanks Ed for your input.

Regards

Rhopd

New Member

URL Logging for Guest Traffic using Guest Anchor and ISE

Hi guys,

i'm really interested in knowing more about this.

How is the information displayed in the ISE? By following that document are you able to produce reports in ISE so that you can see USER ID, IP ADDRESS, TIME & DATE, URL Requested ??? For all guest users?

thanks

Mario

URL Logging for Guest Traffic using Guest Anchor and ISE

Hello Mario.

Here's a screenshot of the report . Hope it helps

New Member

URL Logging for Guest Traffic using Guest Anchor and ISE

Hi, Sorry for the late reply, I have been busy with a Proof Of Concept with the ISE.

I have tried your suggestion and I cannot get the same results as you.

I notice that the logs in your report were generated by an ASA. Do you know whether the same can be done with a switch dACL?

i have this configuration...

dACL

3k-access#sh ip access-list int fa0/1

     permit udp host 10.1.10.103 any eq domain

     permit icmp host 10.1.10.103 any

     permit tcp host 10.1.10.103 host 10.1.100.21 eq 8443

     permit tcp host 10.1.10.103 host 10.1.252.10 eq www log-input

     deny ip host 10.1.10.103 10.1.0.0 0.0.255.255

     permit ip host 10.1.10.103 any

Logging config...

logging esm config

logging trap debugging

logging origin-id ip

logging host 10.1.100.21 transport udp port 20514

with the above onfiguration, I get a report which shows the syslog messages of successful authentication and download of the dACL, but then when I access a URL, i do not see any events about the URL that was accessed or even the IP that was accessed.

DO you know if this can be done? maybe I am looking at the wrong report? Can you help?

Mario

2033
Views
0
Helpful
5
Replies