QID:EC902

[chewosaurus]

Hi,

Not really a subject I'm strong on however I believe the answer should be B and E (not B and D)

Why D is wrong:

The WLC does not need to know or list the portal FQDN under its virtual interface because it’s not hosting that FQDN or the certificate. Essentially, what I'm seeing is that D is only applicable when the WLC itself hosts the login portal or when you want the WLC to present a specific FQDN and certificate for HTTPS.  But in ISE deployments, particularly with CWA or guest portals, this does not apply.

Why E is correct: 

A new CSR is needed so that the certificate installed on ISE includes the new static FQDN in its SAN or CN field. Without this, browsers will show certificate errors when redirected to the guest portal.


If I am missing something let me know, thanks!

[help_desk]

We couldn't find a problem with the question; the correct answers are already B and E, not B and D

[chewosaurus]

We couldn't find a problem with the question; the correct answers are already B and E, not B and D

My fault, I probably shouldn't have said B and E as they are randomised anyway? (I think).

Correct:

"Add a new DNS record to resolve the FQDN to the PSN IP address"

"Create and sign a new CSR that contains the FQDN entry" (For ISE redirection, to prevent users getting certificate errors when redirected).

Wrong:

"Add the FQDN entry under the WLC interface" (A solution catered to toward having the guest portal hosted locally on the WLC, not via ISE)


Thanks