I am trying to deploy a new guest wireless solution using a 3650s as the MA, a 5760 as the MC, and a 5760 as the guest anchor. ISE is being used as the guest auth server.
When no auth requirements are set on the guest wlan, everything works fine. I get an IP address and can get to the internet, VPN, etc. As soon as I enter the security web-auth command on the wlan, my client drops and goes into an Acquiring IP Address state. When I check the client on the controller, it is in a Policy Manager State of START.
As soon as I remove the security web-auth commamd from the wlan, I connect right up. It is my understanding that in guest, the client gets an IP address first in order to get redirected to the spoofed external web page, in my case ISE.
Any thoughts on what I am missing on my guest anchor, or MA config? Do I need to make any changes to the wlan on the MC? Any documentation about the relationship between the MA, MC, and guest anchor would be appreciated, I am not 100% sure which devices are required to have the client reach the guest anchor and get connected.