Now, when user tries to connect to the wlan, it gets stuck in DHCP_REQD state. On troubleshooting I found that the ISE authenticates with Wireless MAB policy and points to the authorization profile where CWA redirect is configured. The WLC receives the redirect acl with redirect url but does not apply it on the client.
the ACL "tempcwa" allows traffic to and from ISE, DNS, DHCP, but I am not able to get IP. Even when I try manual IP address, I am not able to ping ISE. I am sure ACL is all ok! My DHCP works perfect for other WLANs with WLC webauth settings in the same subnet as CWA.
I am using AIR-CT5760, 03.02.02.SE, ct5760-ipservicesk9 and ISE 1.2 VM