
How to prevent Mobility Express from intercepting ISE Guest Portal SSL session?

ajtm
Level 1

We have implemented a CWA Guest Authentication flow with Cisco ISE and a public wildcard certificate.

The captive portal is displayed correctly on iOS devices but we’re facing some issues with Android devices.

After some tests we detected that the issue may be caused by an invalid certificate that is introduced by the Mobility Express WLC (self-signed cert). We’ve issued the command ‘config network web-auth secureweb disable’ and reloaded the WLC/APs but the issue persists.

 

2 Replies

Hi,

If you have ISE you don't need to use CWA. I'm not an expert in ISE but on my network the WLC does not need to send the portal anymore.

Enable "Allow AAA Override". Enable MAC filter on Layer 2 security and Layer 3 as none.

 

 

-If I helped you somehow, please, rate it as useful.-

Hi,
This is not a "standard" WLC but a Virtual WLC - Mobility Express solution.
The configuration in Mobility Express is a little bit different from a "standard" WLC. CWA is the way to implement, and the proof is that iOS devices and Windows browsers are redirected to the ISE guest portal. What I can see is that all the HTTPS (tcp/443) traffic is somehow intercepted by the Access Point - the AP cert is presented.