ciscoworlds
Enthusiast

ISE onboarding with internal CA server

Hi;

 

I'm testing ISE onboarding and configured authentication/authorization rules on ISE. I also have an internal Windows server, which I've configured to be my internal CA server. My WLC is a 2504 (software version 8.0.121.0 and field recovery image version 7.4.1.30).

I started to test with an Android mobile device. After successfully authenticating with Active Directory, I was redirected to the BYOD portal, where I was pushed to download Cisco Network Assistant from Google Play. But the issue is I got this message on my Android device. How can I resolve this certificate issue on WLC?

 

Screenshot_20180607-164220.png

 

Thank you. 

3 REPLIES
nspasov
Cisco Employee

During which stage of the on-boarding process do you get that error? The error message indicates that there is a proxy and/or another device on your network that is decrypting/inspecting SSL/TLS traffic. Can you expand on the technical details and provide a screenshot of the certificate that is being used to encrypt the connection?

 

Thank you for rating helpful posts!

Hi;

I wanted to try to do the same, but before that, I got stuck at the beginning because I got these messages. Where should I change this option? On WLC or on ISE? I tried but didn't manage to affect that.

 

 

06-08-2018 14:21:37 Local0.Warning 10.1.206.205 CWLC: *Dot1x_NW_MsgTask_7: Jun 08 11:21:31.456: #DOT1X-4-AAA_MAX_RETRY: 1x_bauth_sm.c:404 Max AAA authentication attempts exceeded for client 04:4f:4c:3b:8a:67



06-08-2018 14:21:37 Local0.Info 10.1.206.205 CWLC: *Dot1x_NW_MsgTask_7: Jun 08 11:21:31.456: #APF-6-MOBILE_EXCLUDED: apf_ms.c:6232 Excluded the mobile 04:4f:4c:3b:8a:67.

10.1.206.205 belongs to the Cisco WLC. The MAC address in the log message belongs to my Android device.

All I found was Wireless Client Exclusion Policy and I disabled it. 

wlc.png

 

But after a while, something resets the failure and I get this message on ISE RADIUS live log page:

 

wlc2.png

 

I will send the details if I can get rid of this error.

Guys! Any idea?!

I'm getting this message:

ise1.png
