https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836982#M473973 I don’t understand why you would think about doing this.<BR /><BR />If you’re using dot1x you’re using some sort of saved credentials. Either cert of username/password. You need these for proper authentication, otherwise it won’t work.<BR /><BR />MAB is used on open networks or perhaps even WPA-PSK and can register a device into an endpoint group<BR />see cisco live - <A href="https://www.ciscolive.com/global/on-demand-library.html?search=federico%20z%20barcelona#/session/1532112828591001teh9" target="_blank">https://www.ciscolive.com/global/on-demand-library.html?search=federico%20z%20barcelona#/session/1532112828591001teh9</A><BR />guest design guide under <A href="http://cs.co/ise-guest" target="_blank">http://cs.co/ise-guest</A> and <A href="http://cs.co/ise-byod" target="_blank">http://cs.co/ise-byod</A><BR /><BR /> Thu, 11 Apr 2019 16:30:33 GMT Jason Kunst 2019-04-11T16:30:33Z https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836332#M473968 <P>for BYOD, can we USE MAC Address instead of Cert ?</P><P>we have Customer with ISE 2.4, does not wants to use cert onboarding and wants to keep mac address without adding?</P><P>Flow should be like This.&nbsp;</P><P>end devices connect to BYOD&nbsp;SSID, then ask for ad user/password. then ISE keep mac and next time ISE should not ask user/password. and next time use mac for authentication.&nbsp;</P><P>Customer does not want to add mac manually. after first time login with AD username/password. ise&nbsp;should Keep its mac for certain period.</P><P>&nbsp;</P> Wed, 10 Apr 2019 20:57:28 GMT https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836332#M473968 azhar_eaggle1 2019-04-10T20:57:28Z https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836452#M473969 <P>This is just standard sponsored guest portal setup.&nbsp; In the sponsored guest portal you have the options to set a guest type for "Employees using this portal".&nbsp; That guest type is tied to an endpoint identity group.&nbsp; You decide how often to purge that identity group.&nbsp;</P> <P>&nbsp;</P> <P>So employee connects to the SSID, gets redirected to the portal, enters their AD credentials, optionally accepts an AUP page and then their MAC address is added to the endpoint identity group you specified in the employee guest type.&nbsp; How often you purge the endpoint identity group determines how often the employees have to see the portal.</P> Thu, 11 Apr 2019 02:27:24 GMT https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836452#M473969 paul 2019-04-11T02:27:24Z https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836462#M473971 I recommend understand the respective prescriptive guides under <A href="http://cs.co/ise-byod" target="_blank">http://cs.co/ise-byod</A> and ise-guest<BR /> Thu, 11 Apr 2019 02:39:33 GMT https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836462#M473971 Jason Kunst 2019-04-11T02:39:33Z https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836982#M473973 I don’t understand why you would think about doing this.<BR /><BR />If you’re using dot1x you’re using some sort of saved credentials. Either cert of username/password. You need these for proper authentication, otherwise it won’t work.<BR /><BR />MAB is used on open networks or perhaps even WPA-PSK and can register a device into an endpoint group<BR />see cisco live - <A href="https://www.ciscolive.com/global/on-demand-library.html?search=federico%20z%20barcelona#/session/1532112828591001teh9" target="_blank">https://www.ciscolive.com/global/on-demand-library.html?search=federico%20z%20barcelona#/session/1532112828591001teh9</A><BR />guest design guide under <A href="http://cs.co/ise-guest" target="_blank">http://cs.co/ise-guest</A> and <A href="http://cs.co/ise-byod" target="_blank">http://cs.co/ise-byod</A><BR /><BR /> Thu, 11 Apr 2019 16:30:33 GMT https://community.cisco.com/t5/network-access-control/ise-byod-mac-onboarding/m-p/3836982#M473973 Jason Kunst 2019-04-11T16:30:33Z