Wondering if anyone here has seen this before, it's got me scratching my head at present:
We have a working CWA implementation in a central site with APs in local mode, clients are redirected to ISE guest portal using MAB, can register & log in as expected.
For other sites that don't have local controllers we have APs configured for FlexConnect with central authentication, local switching, & VLAN support, which works fine for registered devices, but when a client atempts to use CWA the process hangs after the redirect to the guest portal (the portal screen never appears). I've created FlexConnect ACLs identical to the local ACLs as per CSCue68065, but that made no difference.
The ISE shows that the first MAB authentication completes successfully; in the client details on the WLC I see the correct redirect URL & ACL, but the client never reaches the ISE for the second authentication. (nothing on live authentications screen for second auth, client browser times out)
I am experiencing the exact same issue. But only difference is we are using flex ap on central site and it works fine. But the same thing is not working for remote branch office. Tried different settings but still no luck.