Tyson is right. Please note that LWA is a deprecated feature according to Cisco. It is recommended based on the WLC version to use CWA.
LWA was just a stepping stone or a start for guest authentication using web/ users without supplicant. Later on got integrated with NAC guest server as CWA and now with ISE. Hosting of the webpages moved from the routers/switches then to on NAC guest server and finally to ISE. It was very difficult to customize the portal when using LWA on router/switches. Samarth Chidanand Sr Instructor / Developer - IPexpert CCIE #18535 (R&S, Security) CCSI #34585 From: [email protected] [mailto:[email protected]] On Behalf Of Tyson Scott (tyscott) Sent: Friday, April 19, 2013 12:25 AM To: Rodrigo Alves dos Santos; [email protected] Subject: Re: [OSL | CCIE_Security] ISE Public Cert If you are doing LWA then you need a valid certificate on the WLC and the ISE Guest Portal I recommend changing the configuration on the controller (if you are running 7.2 or above) to do MAC auth and NAC Control and change to Central Web Authentication. All the documentation is here: http://www.cisco.com/en/US/solutions/ns340/ns414/ns742/ns744/landing_DesignZ one_TrustSec.html Regards, Tyson Scott From: [email protected] [mailto:[email protected]] On Behalf Of Rodrigo Alves dos Santos Sent: Thursday, April 18, 2013 2:17 PM To: [email protected] Subject: [OSL | CCIE_Security] ISE Public Cert Hi Guys, Someone here have already configured public cert to ISE web auth portal? On WLC I'm redirecting the portal to ISE. I have generated on ISE the CSR and paid for a cert on http://www.digicert.com (I used "Apache" for certificate type because I didn't find Web Server like Windows CA) but after import the cert to ISE I'm still getting the msg that source is not trust. I have doubt If I should use a valid cert to WLC that is redirecting de page and show the IP 1.1.1.1 or to ISE. Anybody can clarify this doubt and send some usuful doc? Atenciosamente, Rodrigo Alves
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
