Wireless Access

last person joined: 13 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

This thread has been viewed 8 times

  • 1.  hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

    Posted Jun 04, 2018 04:21 AM

    Hello experts

     

    Problem: The Static Captive Portal redirection is not happening when my user role is assigned.  Even when browsing to a http site on phone does not cause redirect.

     

    Smart phone connected to AP and got IP address.  AAA MAC auth was done to Cisco ISE AAA server.  Cisco ISE server retuened the role 'guest-ISE-portal'.  The next step would be that the Aruba controller redirects the client to the captive portal that is assigned to the role, not so?

    I am quite new to this and I cannot find the relationship between role and captive portal profile, because as you can see in my config, there is a circular relationship (they refer to each other - I have probably done something crazy) - please help. 

     

    Below is the client details - I can see that my expected role is assigned



  • 2.  RE: hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

    Posted Jun 04, 2018 06:11 AM

    The config wasnt attached.

     

    Is the redirect happening on any device?

     

    Have you configured the "guest-ISE-portal" role on the controller as well? Can you share the config for the "guest-ISE-portal" role? It may be locked down and not allowing the http(s?) redirect. 

     

    If you're in a test environment you can temporarily set that role to allow all and see if that works. From there you will have a direction to investigate.

     

    Any other ideas @cappalli?



  • 3.  RE: hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

    Posted Jun 04, 2018 12:05 PM

    Just curious if you are on AOS 8.3? I upgraded to 8.3 and it seems my non-802.1x SSIDs are having trouble. They are black holing devices randomly after they connect, hence breaking my captive portal.

    I'm not sure if its the 8.3 upgrade that broke it, but it seems to have happened at the same time.

    Thanks

    iann



  • 4.  RE: hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

    Posted Oct 02, 2018 07:06 AM

    Regarding the 8.3 upgrade, we are running a cluster of about 30 Instant access points and following upgrade, most SSIDs worked fine, except for one that routes out new firewalls that we're testing. Took me a while to figure out that it wasn't a routing issue of some sort. Turned out to only be specific access points that were blackholing traffic back to clients connected to the one SSID. A simple reboot of the IAP resolved it.

     

    I just finished upgrading to 8.3.0.3 and the entire cluster was restarted. Spot checking SSIDs seems to reveal no further issues anywhere in the building. We're about to double the number of APs, and I was concerned about stability, but it appears to just be a quirk.