Guest Clients associated to WLC unable to communicate
I have been working through the creation of a Guest portal using ISE 1.2 and WLCs running version 7.6.
There is a foreign WLC and an anchor in this scenario; both are 5508 devices.
I have created a new Guest Wireless SSID on both. I am doing Layer 2 MAC filtering on both and the Layer 3 on the Anchor.
Guests associate to the SSID, they are authenticated by ISE, and a redirect is in place that tells the client to go to the guest portal.
Everything stops at this point.
Client has an IP address. I can ping the client from the anchor WLC only. Client cannot ping anything, not even its default gateway. From the default gateway (a router in this case), I can see the MAC address of the client in the ARP table, pointing out the correct interface toward the WLC. I can ping the WLC, but I cannot ping the client from the gateway, despite having an ARP entry.
It correctly receives the redirect request to talk to ISE, but as it cannot communicate with anything, I now have no idea if my ISE portal is working.
Client is in a run state on the foreign WLC, client is in a Webauth state on the anchor WLC.
What is causing this?
What commands can I run to find out what is going on?
This setup can also work with the auto-anchor feature of the WLCs. The only catch is that since this web authentication method is Layer 2, you have to be aware that it will be the foreign WLC that does all of the RADIUS work. Only the foreign WLC contacts the ISE, and the redirection ACL must be present also on the foreign WLC.
In the end I stripped off the WLAN config I had implemented on the Foreign and Anchor device. I put it back on exactly as it was before (I had screenshotted all the settings), and it all started working.
Totally bizarre. I can only assume some sort of bug was preventing a client talking to anything, as it's now working perfectly!