Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

5760 v3.6 guest portal redirect to ISE

 

I'm testing a new set of 5760 controllers for a future production rollout, running software version 3.6.  Our current production setup consists of older WISM-1 and 4402 controllers running CUWN 7.0.  Our guest network has an anchor in the DMZ, redirecting to ISE.

In the recent thread (https://supportforums.cisco.com/discussion/12319151/3850-ise-guestportal-no-redirect-v-334), one of the posters said that guest redirection in 3.6 works similarly to redirection in CUWN, while in 3.3 it is very different.  I found the documentation for 3.3 (http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117717-config-wlc-00.html), which I have to say I don't like very much.  However, I find the configuration and command reference guides for 3.6 are less than helpful on this point. 

So the question I have is whether guest networking with an external redirect to ISE looks like the following in 3.6?  Or does it work like CUWN, where the SSID is configured with layer 3 security?  If it uses layer 3 security like CUWN, does anybody have a quick configuration sample for how it can work end to end in 3.6?

------ From the document http://www.cisco.com/c/en/us/support/docs/wireless/5700-series-wireless-lan-controllers/117717-config-wlc-00.html ---------

The flow includes these steps:

  1. The user associates to the web authentication Service Set Identifier (SSID), which is in fact open+macfiltering and no Layer 3 security.
     
  2. The user opens the browser.
     
  3. The WLC redirects to the guest portal.
     
  4. The user authenticates on the portal.
     
  5. The ISE sends a RADIUS Change of Authorization (CoA - UDP Port 1700) in order to indicate to the controller that the user is valid, and eventually pushes RADIUS attributes such as the Access Control List (ACL).
     
  6. The user is prompted to retry the original URL.
1 REPLY
New Member

I have a project with a 5760

I have a project with a 5760 running 3.6 working to a 5508 anchor controller in a DMZ.

I have web authentication working to an ISE OK.

Regards

Roger

251
Views
0
Helpful
1
Replies
CreatePlease to create content