Configuring CWA on WLC and ISE(Step by Step)
In this post we will see how to configure Central Web Authentication (CWA).
The topology in this example is as follows.
![](https://lihaifeng.net/wp-content/uploads/2019/09/Diagram-.png)
WLC configuration
1. Add RADIUS Authentication Server
![](https://lihaifeng.net/wp-content/uploads/2019/09/006-1024x549.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/006-1024x549.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/006-1024x549.jpg)
2. Configuring WLAN
![](https://lihaifeng.net/wp-content/uploads/2019/09/001.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/001.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/001.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/002.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/002.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/002.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/003.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/003.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/003.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/004-1024x495.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/004-1024x495.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/004-1024x495.jpg)
3. Configuring DNS for the virtual interface
Updated on November 5, 2019: this is actually not required.
![](https://lihaifeng.net/wp-content/uploads/2019/09/005.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/005.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/005.jpg)
4. Configuring ACL, Allow DNS and Radius server traffic
![](https://lihaifeng.net/wp-content/uploads/2019/09/007-1024x443.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/007-1024x443.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/007-1024x443.jpg)
and require additional configuration. See the links in the references for details.
Configuring ISE
1. Add Network Device
![](https://lihaifeng.net/wp-content/uploads/2019/09/010-1024x353.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/010-1024x353.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/010-1024x353.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/011-1024x517.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/011-1024x517.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/011-1024x517.jpg)
2. Add Network Access User
![](https://lihaifeng.net/wp-content/uploads/2019/09/012-1024x468.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/012-1024x468.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/012-1024x468.jpg)
3. Add Authorization Profile
![](https://lihaifeng.net/wp-content/uploads/2019/09/008-1024x391.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/008-1024x391.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/008-1024x391.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/009-1024x197.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/009-1024x197.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/009-1024x197.jpg)
4. Configuring Policy Sets
![](https://lihaifeng.net/wp-content/uploads/2019/09/014-1024x206.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/014-1024x206.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/014-1024x206.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/015-1024x409.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/015-1024x409.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/015-1024x409.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/016-1024x279.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/016-1024x279.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/016-1024x279.jpg)
Client connection
After the client connects to the SSID, open the browser to access any address, and the browser will redirect to the webauth page.
![](https://lihaifeng.net/wp-content/uploads/2019/09/013.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/013.jpg)
![](https://lihaifeng.net/wp-content/uploads/2019/09/013.jpg)
References
Central Web Authentication on the WLC and ISE Configuration Example
Troubleshooting Web Authentication on a Wireless LAN Controller (WLC)
Web Authentication on WLAN Controller
Wireless LAN Controller Web Authentication Configuration Example
Central Web Authentication with FlexConnect APs on a WLC with ISE Configuration Example
Recent Comments