I'm testing ISE onboarding and configured authentication/authorization rules on ISE. I also have an internal Windows server which I've configured to be my internal CA server. My WLC is 2504 (software version 184.108.40.206 and field recovery image version 220.127.116.11).
I started to test with an Android mobile device. After successfully authenticating with Active Directory, I was redirected to the BYOD portal, where I was pushed to download Cisco Network Assistant from Google Play. But the issue is that I got this message on my Android device. How can I resolve this certificate issue on WLC?
During which stage of the on-boarding process do you get that error? The error message indicates that there is a proxy and/or another device on your network that is decrypting/inspecting SSL/TLS traffic. Can you expand on the technical details and provide a screenshot of the certificate that is being used to encrypt the connection?
Thank you for rating helpful posts!
I wanted to try to do the same, but before that, I got stuck at the beginning because I got these messages. Where should I change this option? On WLC or on ISE? I tried but didn't manage to affect that.
06-08-2018 14:21:37 Local0.Warning 10.1.206.205 CWLC: *Dot1x_NW_MsgTask_7: Jun 08 11:21:31.456: #DOT1X-4-AAA_MAX_RETRY: 1x_bauth_sm.c:404 Max AAA authentication attempts exceeded for client 04:4f:4c:3b:8a:67
06-08-2018 14:21:37 Local0.Info 10.1.206.205 CWLC: *Dot1x_NW_MsgTask_7: Jun 08 11:21:31.456: #APF-6-MOBILE_EXCLUDED: apf_ms.c:6232 Excluded the mobile 04:4f:4c:3b:8a:67.
10.1.206.205 belongs to the Cisco WLC. The MAC address in the log message belongs to my Android device.
All I found was Wireless Client Exclusion Policy and I disabled it.
But after a while, something resets the failure and I get this message on the ISE RADIUS live log page:
I will send the details if I can get rid of this error.