topic LWA Support for Provisioning in Network Access Control https://community.cisco.com/t5/network-access-control/lwa-support-for-provisioning/m-p/2034020#M147538 <HTML><HEAD></HEAD><BODY><P>When you use LWA (Local Web Authentication) the NAD device (Switch, wireless lan controller, etc) is providing the Web Authentication Services. For example, on the WLC clients get redirected to the built-in WebAuth Guest page. As a result, the clients will never reach ISE for them to utilize the web services (web auth, device registration, provisioning etc). You will need to run version 7.2 and above on your WLC and use CWA. I hope this makes sense.</P><P></P><P>Thank you for rating!</P></BODY></HTML> Wed, 31 Oct 2012 02:11:16 GMT nspasov 2012-10-31T02:11:16Z LWA Support for Provisioning https://community.cisco.com/t5/network-access-control/lwa-support-for-provisioning/m-p/2034019#M147537 <P>My Desired flow is:</P><P></P><P>Guest SSID - Open Access. </P><P>&nbsp;&nbsp;&nbsp;&nbsp; If WebAuths as a Guest User, apply ACL-GUEST-ACCESS and stop</P><P>&nbsp;&nbsp;&nbsp;&nbsp; If webauth's as a user that is a member of AD group X, go to client provisioning portal.</P><P></P><P></P><P>I've tried using CWA, and I get "We are unable to determine access privileges in order to access the network. Please contact your administrator." </P><P>Since the 4400 and 2100 WLCs are supported for ISE using LWA only (no&nbsp; CWA support), I think this is why.</P><P></P><P></P><P>&nbsp; The below log appears in the authentications screen: (not very helpful is it)</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <IMG src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAABcUAAAAZCAIAAAB/8dGxAAAJSElEQVR4nO3d/2+bRwHHcf8D7Kf8NgosZR2gwVgRIBFCA6VT5zbAaEUFlYaQJwgtMGkCtF8guE1ITYTWOm2kVIxNokNbs60doc2E2qXNRNhIPNatgFqnWRtlJt/6JE2ypEnqmB9OOV3uuef82HnyOE3f0esH73z33Nl7njT38T3nyPjkB5qxyWkAAAAAAAB4ibjzlPfeHwEAAAAAAIAX8hQAAAAAAIDCGPIUJ+cAAAAAAADAC3kKAAAAAABAYSLjk1Oako8JAAAAAABgNSNPAQAAAAAAKAx5Cor36rVze49WReNlFnuPVp0ZeD2EwWQyg5r+/oF0+ko6fSWTGSz5ewUAAABghaR6UxWVFSUfBu40Becpre2t5Ys/iWTCUrOisiLVmzI+Va782AuNbfMeyqu7QvsSL9Y+gLwjNA7A6yWo75h8q9VfDcZCIdWbcr8uURiriclqsZpY3pfgUzRe9qvXKms7quLnNu87v2X/+Yekfee3xM9tru2o+nXHpr1HqwLpzi6TGRwbm3C7fLm3pyc1OjoWwhgAAACKU1FZwWwQq1YimZCzDHVmURzLPFFW8HM5qMdZfp6Sd1SAW2RsckpjqS0uJPmf9kjF64xM9aZkq0QyIc57Y6FGBAHqAPy0qqisaG1vdXJOa3uruPj9tHKUeMIygLwjNA7A8m7ItsaBWUYrB+x+Y7XwJW+K5F80XvZ4+yfyisbLAunOLpMZHB+/4TY0NNzV9cb09Mz1sRUfAwAAQBHEVFD7aA1YJbQ54ErnKf4vB/IUlFxheYqMBgRt+YY478XsXT42rqSQ1AjAXih5PeXVSlupYWkVq4lpuYOxiVaitXJXsA/AazD215K3uXwsHiSSCTXTWat5yo0bk27DwyMdHee6ut7o6UkNjQ8H3m9jKh050CkeRw50ns0MBHLYs5kBeVgAALC2JZKJRDIRq4nJj9nE5FB+Viemeeqf4q3traxnQTjKy8vVOaCg5hdaliFngjKekGey+NDXPk/0uhy0x9pxjJeMcTxeF5ef2SugKSBP8QoXxCkYq4lpUaWfhK+IVRheWYCxlTFi8GqlJiPyn6tl5il5B6AdSvzWEP9AykvaUpj3xYoH8vdOrCZmvImpOJY8ZcvR9dF42bePbQgzT5mYmHIbGRkV0ukrly6lV3QMAeYpAADgziH+bNYmjXISK6MTdbGz+KOu5CPHmuc1hfHKU7QZjbM0+xNP2eeJxsvB+Fhbn+K+ZIzj8arJ+hQUITI2MaXxquqVp3jlDn7OSGPYaSxUn/V/KG3M7mVjxlZqGpo3T7GPMO8ABHlHovhPLfIQgzQWer1YGW/JQpna5o11/JN5ys9O6wtS2i69dD03LiqElqdMTU3b9fVdDbzfyIFOsZBEPJCcxTUmgshZRMm65i6fhcan1H7d5QAA4PZinB96TSDta5mBwGmJg5yz5D1FncW5j3stlWWeWNDl4HW/j308fo4G+BRAniJOyiLyFOMiC2OhVsHnoZx8y0O8WqnLQNwLxorOU/zf76P90hH5jrHQ3VxbpSaPKVbiJJKJwPOU3S/cG42XbT1yjwhTNh/68N96X5nITb01/OZXn7onzDxlenrGbiW+6Ee9MccdeTSm0o5yT5CoLAp3tV3IW6g+pd1YtKvtgrFTAABwe1F3+pR/ndo//Bd3Q5R85LgTaHMHdRW8+xTVvh+j3HU3jfg82DJPLOhyyJunGMdDnoIAFZCnON77pxSRpxSxMkXWKaiVV5zhpy+v7gpq4j9PcZQQV60p8xR3odrWvkGMvPEn8DwlGi/rG7/0avpkNF627am7z/S1TeduvjOSkqtXQstTZmZmNc+/0Brf/9tDycP76hpeevlkmHmKtgGKeKrQQvUp+dhYP4R3GAAArATjnNB+swMTP4RJnTdpkwtZaFwPopE7LVhOYK/LwdhXoetT7DW5rFCEwvIUy/f7iE191MqWuzr9hyl+dnu1xyLGr9fx2Ze7O3dJ3hEaByBbyZ1inaW3+ahxrEx2jYWSPU+xVyuOSEy+cfgjZ/va5nLzz6WaTrzzzHzu1rvDKXVrldDylNnZOdVPHn/iwS98ufqHBx+Ln3z0ieRD0eqf/+LJwPv1ylPU5STO4lqVQPIU95HJUwAAuE2p0znB/hG6wzcrI3TqHND9Ya2zdEKkfugr5j5igbyjzIa85omWy8GrLzXose/nIsdjqamOSutIfVzy/yNYPQrLU5zFOb+6/kqS67jUnTvKXTskq0eQ676Mhc7S4ENuwlyubNFqbKWRz1oG4PjIU9wDcFxXl/HN0QagttIWoRmHrb4oyystVZ4iEpPOq+3ZXDaby15cGqaEmafMKT9/OnbsMxu/+PsX+97uz2YXcv9+P9v812tfqqx6+s9/DLbfotenGNebaIWsTwEAYG1z37kjpn+WPIWdaBE+9TYcOc2RhdoXg1Qo3/rqLJ18iQpe80Svy8GrL/U49ghS7c6y+EutRp4CPwrOU8LkTiixqmiLULoznZmJa+4v/QktT5mfvyVtebh650+bjv9zbvJmbmw6N3kz9/f0rV17f/etnd8Jtl813VjX3CX2OhG89k8Rz+5qu7CuucteaMxT1CPLaiU/GQAAQDiC+mAMALBMqzpPEbttlXwY8KJFJ1sb747Gy7Tv+gkzT8kqP5WbvvajuhNn/pPtG1n47/8WrgwvvH45W1N3Yuu26mD7dUcexu/3cVfwU+iVp4iARmsCAADWPHaiBYDVY1XnKVjl3EtRjELLU3K5BenRHzz2yJ7kqbfneq7m3nwvl7qW+8tb8ztqDmzeuj3YfrXdTOy0W3Ushcs5IAAAAABgpZGnoEjXF67vadnkJ0/Z0/KV0ezoSo8nkxnMKT+nTp1ef9/9tc9efLl79vS7Cy92z9Y+e/HeTz6w7ZsB5ykF3W4TVJ6yrrmLxSkAAAAAUELkKSjSwEz//lcaovGyvH753JP9H1xd6fF0pDoO/eHQ4WcOSzu/t/tjH7/v67trt//4yMPf/81H12+4/4GNO767o+RvHQAAAADgdkeegiINzQ11/Ou1ludbGlsaG4401DfV1zfV1yXrpPqm+oYjDQefPtj+j/ah+aGQh9d9ufv46ePbH6n+9IOf/+zGz5Vv+NSH7rorEokkmtiRBwAAAACwXOQpAAAAAAAAhSFPAQAAAAAAKMz/Aab36jcltIpfAAAAAElFTkSuQmCC" /></P><P></P><P></P><P></P><P>So I think I need to do a AuthZ rule resulting in a profile using webauth against the provisioning portal, not CWA? If so, I can't seem to wrap my head around a workable rule to match this. Any hints on making this work? All&nbsp; the TrustSec 2.0 and 2.1 docs center around CWA only.</P> Mon, 11 Mar 2019 02:42:31 GMT https://community.cisco.com/t5/network-access-control/lwa-support-for-provisioning/m-p/2034019#M147537 zztopping 2019-03-11T02:42:31Z LWA Support for Provisioning https://community.cisco.com/t5/network-access-control/lwa-support-for-provisioning/m-p/2034020#M147538 <HTML><HEAD></HEAD><BODY><P>When you use LWA (Local Web Authentication) the NAD device (Switch, wireless lan controller, etc) is providing the Web Authentication Services. For example, on the WLC clients get redirected to the built-in WebAuth Guest page. As a result, the clients will never reach ISE for them to utilize the web services (web auth, device registration, provisioning etc). You will need to run version 7.2 and above on your WLC and use CWA. I hope this makes sense.</P><P></P><P>Thank you for rating!</P></BODY></HTML> Wed, 31 Oct 2012 02:11:16 GMT https://community.cisco.com/t5/network-access-control/lwa-support-for-provisioning/m-p/2034020#M147538 nspasov 2012-10-31T02:11:16Z LWA Support for Provisioning https://community.cisco.com/t5/network-access-control/lwa-support-for-provisioning/m-p/2034021#M147539 <HTML><HEAD></HEAD><BODY><P><STRONG>Kindly review the below link:</STRONG></P><P></P><P> <STRONG><A href="http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html">http://www.cisco.com/en/US/docs/security/ise/1.1.1/compatibility/ise_sdt.html</A></STRONG></P></BODY></HTML> Wed, 22 May 2013 09:31:22 GMT https://community.cisco.com/t5/network-access-control/lwa-support-for-provisioning/m-p/2034021#M147539 manjeets 2013-05-22T09:31:22Z