Hi Team,
i try to configure a guest ssid with CWA against Cisco ISE.
So we configured our C35 Controller with a FW friendly guest ssid. And add ISE as MAC, Auth and Accounting Radius Server. We add the redirect URL we got from ISE und check the box to append the “stations mac” to the URL.
On ISE we configured a MAC Authentication Rule with the following result (non-auth Policy):
Radius Filter-ID = Enterasys:version=1:policy=guestNonAuthPolicy
Siemens-URL-Redirection = https://<FQDN>:8443/portal/g?p=xq1Bqk9FJ87FjsrD8HgmU7&
Radius Login-LAT-Port = 0
AND an “user authentication” Rule (auth Policy):
Radius Filter-ID = Enterasys:version=1:policy=guestAuthPolicy
Radius Login-LAT-Port = 1
If we connect to the SSID we got the redirect. The Extreme Controller adds the station MAC and a system generated Token to the URL (token is default) but we hit a bad request answer from ISE. If we remove the token manually from the redirect URL we reach the guestportal.
Is there any option to tell the Extreme Controller to NOT appand the token to the URL (maybe via CLI). Maybe with a firmware update?
Has somebody a working SSID against an ISE Portal?
thanks!
