I have allowed all IP to the ISE servers from the DMZ the Guest 5508 WLC sits. I see requests coming in from a WLAN configured on the inside WLC but nothing from the SSID that comes from the WLC within the DMZ it is a mobility anchor for the guest network on all my WLC's. What needs to be opened for this communication? or will the mobility anchor type setup not work in the ISE world? I have uploaded the config of the guest WLC we are on 7.6.130
Yes it is within a DMZ, the ACL isnt applied to this wlan yet as we are in testing phase. In ISE I see requests coming from a WLC within the network, this WLC passes guest traffic to the WLC in the DMZ the WLC has all IP Open to the ISE servers. Looks like a simple radius config but is there some other protocol needs to be let thru?
Does the anchor controller send this request? I see nothing from teh WLC thru the monitor in my ASA firewall for any WLAN traffic. Only talking back to the other controllers. I'm confused over how this traffic flows, the main WLC holds the SSID's the Guest is handed off to the Guest controller thru the mobility but does the request to the radius or ISE servers come from the guest controller or the main controller the AP's belong to?