Wireless Access

New Contributor

hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

Hello experts


Problem: The Static Captive Portal redirection is not happening when my user role is assigned.  Even when browsing to a http site on phone does not cause redirect.


Smart phone connected to AP and got IP address.  AAA MAC auth was done to Cisco ISE AAA server.  Cisco ISE server retuened the role 'guest-ISE-portal'.  The next step would be that the Aruba controller redirects the client to the captive portal that is assigned to the role, not so?

I am quite new to this and I cannot find the relationship between role and captive portal profile, because as you can see in my config, there is a circular relationship (they refer to each other - I have probably done something crazy) - please help. 


Below is the client details - I can see that my expected role is assigned

Not applicable

Re: hi guy,i have a question,please help me!

The config wasnt attached.


Is the redirect happening on any device?


Have you configured the "guest-ISE-portal" role on the controller as well? Can you share the config for the "guest-ISE-portal" role? It may be locked down and not allowing the http(s?) redirect. 


If you're in a test environment you can temporarily set that role to allow all and see if that works. From there you will have a direction to investigate.


Any other ideas @cappalli?

Occasional Contributor II

Re: hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

Just curious if you are on AOS 8.3? I upgraded to 8.3 and it seems my non-802.1x SSIDs are having trouble. They are black holing devices randomly after they connect, hence breaking my captive portal.

I'm not sure if its the 8.3 upgrade that broke it, but it seems to have happened at the same time.



New Contributor

Re: hi guy, i have a question, Cisco ISE & Aruba Controller CP redirect.

Regarding the 8.3 upgrade, we are running a cluster of about 30 Instant access points and following upgrade, most SSIDs worked fine, except for one that routes out new firewalls that we're testing. Took me a while to figure out that it wasn't a routing issue of some sort. Turned out to only be specific access points that were blackholing traffic back to clients connected to the one SSID. A simple reboot of the IAP resolved it.


I just finished upgrading to and the entire cluster was restarted. Spot checking SSIDs seems to reveal no further issues anywhere in the building. We're about to double the number of APs, and I was concerned about stability, but it appears to just be a quirk.

Search Airheads
Showing results for 
Search instead for 
Did you mean: