I'm trying to configure external web auth (redirection to the ISE guest portal) on a WLC5508 (WLC software version 7.3.101).
I have two issues with this task:
- Some Cisco docs say that the controller will substitute the real external web auth server IP with the IP of the controller's virtual interface. This is not happening in my case: the wireless client gets the real IP of the web auth server in the HTTP redirection (and can't connect to this address).
- In my case the external web auth server (ISE policy node) is located on the management interface network, but not directly: it is reachable via the default gateway of this interface. When the wireless client tries to connect to the external web auth server (after getting the redirection from the WLC), I don't see any traffic to the external web auth server coming out of the management interface. My pre-auth ACL allows traffic from any to the external web auth server (and back). I can ping the external web auth server from the WLC.
Maybe someone has some ideas about what else I should check to make sure that my config/setup is OK.
The virtual interface is used when the internal WebAuth portal on the WLC is used, not when a redirect happens. When using an external web server like ISE, you need to allow access to the ISE box on the pre-auth ACL to obtain the ISE portal page.