Hmm that is interesting.

Josh Morris · ‎08-07-2014

On my Guest SSID, I have a custom CWA page. It works for everyone except for one Android device.

I see the device meet the criteria to hit a certain authorization profile, one that I know has a CWA action of hitting my custom page. This is the same rule all other guests hit. Except, instead of going to the custom page, this device goes to the Cisco default portal.

This is very odd. All log entries look correct, but what the user is seeing is not. The device matches the profile 'Android-Samsung'.

nspasov · ‎08-07-2014

Can you confirm if the device is hitting your authorization rule or is it hitting the default one?

Thank you for rating helpful posts!

Josh Morris · ‎08-08-2014

I have confirmed it is hitting the right authorization rule. My web-auth redirection rule is simple...

If the client is Wireless MAB AND it is coming from WLAN ID 12, then redirect to CWA.

My default rule is actually DenyAccss, and there is no other rule for CWA. It's just like this one device can't process the custom webauth page.

mohanak · ‎08-08-2014

Android devices need to be treated differently than iOS Devices and/or Windows. This is partially because no two Android devices are exactly the same, but also because of the requirement to use a supplicant provisioning App to configure the Supplicant and Certificate for Android.

Please recheck the config:

http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/howto_61_byod_provisioning.pdf

nspasov · ‎08-08-2014

Hmm that is interesting. Haven't ran into this problem before. I wonder if something in the Andorid browser is being cached. When you open the browser do you at least see the device trying to go to the redirect URL?

Can you also post screen shots of your AAA policies in ISE

Thank you for rating helpful posts!

Certain Android device does not get custom CWA page