This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.
Although I understand the main concept but I have confusion about why there are so many web related things available in ISE. I beleive BYOD is the best thing that you register your device to ISE and its easy to go. I havent checked the full configuration of BYOD but go through CWA,LWA and sponsor portals.
Can anyone describe more in terms of examples like where we can use CWA,LWA, Sponsor portals?
Solved! Go to Solution.
Web authentication on the wireless network can be done with the help of Cisco ISE server.
2 types of web authentification:
First type (LWA) – the WLC redirects HTTP traffic to an internal or external server, where the user is offered the option of entering the credentials. WLC then downloads these credentials (sent via the HTTP GET request, in the case of an external server) and tries RADIUS authentication. In the case of a guest user, an external server is required (eg ISE or NAC Guest Server (NGS)) because the portal provides options such as device registration and self-provisioning.
The LWA process follows the following steps:
This process involves many redirects. LWA also requires 2 certificates; one on the WLC, and the other on the ISE.
The new approach, which simplifies the authentication process, is with the help of central web authentication – CWA (running from ISE version 1.1 and WLC version 7.2 … so long ago).
In this case, only one certificate is required – on the Cisco ISE … because the controller only passes the authentication request.
The CWA process follows the following steps: