topic MDM in BYOD setup in Wireless

MDM in BYOD setup

vijay kumar — Sun, 04 Jul 2021 08:00:33 GMT

Hi all ,

we are going to configure BYOD for wireless in our lab. We are having the components of WLC ,ISE ,AP ,switch , router . Our requirements are

1) corporate laptop security check(some firewall updates are uptodate like that) through NAC agent with ISE.

2) Guest laptops with normal guest internet without any cheking

3)corporate mobile devices andriod , blackberry , apple phones allowed to access BYOD WLAN . but andriod devices are not allowed.

We are not sure about how we can integrate MDM in ISE . role of MDM ? . How to configure MDM for the last requirement we given.

Any freeware MDM supported by ISE.

Thanks ,

Regards,

Vijay

MDM in BYOD setup

aqjaved — Tue, 08 Oct 2013 17:29:15 GMT

Case Solution:

MDM Integration Process Flow

This section describes the MDM integration process:

1. The user associates a device to SSID.

2. (Optional) If the device is not registered, the user goes through the device on-boarding flow.

3. Cisco ISE makes an API call to the MDM server.

4. This API call returns a list of devices for this user and the posture status for the devices.

5. If the user's device is not in this list, it means the device is not registered. Cisco ISE sends an authorization request to the NAD to redirect to Cisco ISE. The user is presented the MDM server page.

6. Cisco ISE uses MDM to provision the device and presents an appropriate page for the user to register the device.

7. The user registers the device in the MDM server, and the MDM server redirects the request to Cisco ISE (through automatic redirection or manual browser refresh).

8. Cisco ISE queries the MDM server again for the posture status.

9. If the user's device is not compliant to the posture (compliance) policies configured on the MDM server, the user is notified that the device is out of compliance and must be compliant.

10. After the user's device becomes compliant, the MDM server updates the device state in its internal tables.

11. If the user refreshes the browser now, the control is transferred back to Cisco ISE.

12. Cisco ISE polls the MDM server once every four hours to get compliance information and issues Change of Authorization (CoA) appropriately.

Setting Up MDM Servers with Cisco ISE

To set up MDM servers with Cisco ISE, you must perform the following tasks:

1. Importing MDM Server Certificate into Cisco ISE

2. Creating Mobile Device Manager Definitions

3. Configure ACLs on the Wireless LAN Controllers.

See "Configure ACLs on the Wireless LAN Controller for MDM Interoperability" section for more information.

4. Configuring an Authorization Profile for Redirecting Nonregistered Devices

5. Configuring Authorization Policy Rules for the MDM Use Cases

For complete configuration, please check the below link.

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_network_devices.html#wp1209564

MDM in BYOD setup

Abha Jha — Tue, 08 Oct 2013 18:56:00 GMT

MDM and BYOD are the new feature supported on ISE 1.2.

Please find the link to integrate MDM to ISE:-

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_MDM_Int.pdf

Re: MDM in BYOD setup

vijay kumar — Wed, 09 Oct 2013 03:23:06 GMT

Thanks a lot aqeel for the detailed steps...... But can you plase tell me any MDM server that I can use for trial period?

Thanks,

Regards,

Vijay.