I've been having a tough time getting all the bugs worked out of a CPPM/Cisco WLC CoA setup. I had 'controller-initiated' redirect working, but wanted to change to 'server-initiated' to get the redirect from CPPM for more flexibility. I finally have it pretty much working, except for one hiccup I'm having with the auth sequence.
I have the MAC caching service working. When a client is unknown, it sends the redirect URL to CPPM guest, where I have a simple click-through page that authenticates the user as an anonymous guest. The weirdness comes after this: after the webauth sends a CoA to reauthenticate or bounce the user, the MAC cache service fails to map the role as MAC Cache and performs another CoA URL redirect. The client gets redirected a second time to the guest portal. Now, if I click through the portal a second time, nothing else changes, and THEN the MAC cache service applies the correct role and allows the connection. Or, if I have profiling enabled on the service, it performs the first auth, does a CoA bounce, and performs the second auth correctly again with the user still sitting at the redirect portal. I just can't figure out why the first service hit after the webauth isn't matching the rules and allowing the connection. I have put a 10sec delay in the login page hoping that would help in case it didn't have enough time to update the endpoint records, but no change. Any ideas?
On a somewhat related note, after the webauth, why isn't the client redirected back to their original URL? Now I have it set up to redirect to the canned 'you are now connected' page, but I'd like them to redirect to their original destination. I've found the technote for this but it only applies to Aruba WLCs, not Cisco apparently.
Thanks.