New Member

WLC external web authentication

Hi all,

We are using the auto-anchor mechanism for guest clients. The anchor controller is placed after the firewall. The guest VLAN will have reachability only to the Internet.

We want to use ISE for web authentication.

Since the client subnet does not have reachability to ISE, the redirection page is not coming up, and we can't allow the client subnet to access internal resources.

So, is there a way for the WLC to forward its own web auth page to clients, but check with ISE for the credentials?

Thanks for your help



New Member

WLC external web authentication


Here is a short Cisco doc that would answer your queries. It also has a configurable example:

New Member

WLC external web authentication

Hi Mantej Magat,

Thanks for your reply.

I have gone through the document. As per it,

the login page is from the external web server, and authentication of users is against the local database in the WLC.

But our requirement is:

the login page is from the WLC, and authentication of users is from the ISE database.

Is that possible?

Cisco Employee

Re: WLC external web authentication

Yes that is possible.

Under the wlan configurations
• set layer 2 security to none
• set layer 3 to webauth (override to local or make sure global is set to local)
• point to the radius server (ISE) on the AAA servers tab. On the same tab change the authentication priority for webauth to radius > local


New Member

WLC external web authentication

Hi Viten,

Thanks a lot for your help. It worked.

But again, ISE and AD communication is not happening properly for the L3 SSID.

When the user tries to connect, he is getting the redirect URL. But during the authentication, we are getting an error in ISE as

"ise has problems communicating with active directory  using its machine credentials" and authentication is failing.

Apart from this, we have one more SSID configured for L2 auth, and authentication is happening properly between the client, ISE and AD.

But only for L3 it is not working. Could you please suggest?

Cisco Employee

WLC external web authentication


Can you check which authorization policy you are hitting for L3 auth and L2 auth on ISE? Maybe you will need to add/modify a rule on ISE.

New Member

WLC external web authentication

Hi Viten,

We have allowed the default permit access authorization policy for the clients once they are authenticated.

For the authentication policy, in the default list we are using external identity store as AD server.

WLC external web authentication


As per your query, I can suggest the following solution:


In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) in order to find more information on the commands used in this document.

Complete these steps in order to configure the devices for EAP authentication:

Hope this will help you.