cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2858
Views
1
Helpful
10
Replies

Guest broken after BYOD

tisnow
Cisco Employee
Cisco Employee

After testing some BYOD options, I was toying around with the guest services deployments.


I've removed all profiles/certs from the endpoint, removed the client from the BYOD Registered device, however, when the client tries to log in after being sponsor approved, this message is displayed


"Endpoint is already registered to another user"

I've disabled the "automatically register devices"  and that stops the automatic error message, but now clients are not put into the "GuestEndpoints" group.  So they are forced to click "enable registration"  to get them into that GuestEndpoints group which I use to denote that a client has registered.

Once they click "register device" they see the error ""Endpoint is already registered to another user"

So i'm stuck either way.

Ipad, Iphone and Android tested on ISE 2.1 patch 1

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

Its a guest device so it wouldn't be known when first coming in and certainly wouldn't be going through byod

Did you delete the endpoint from ise?

View solution in original post

10 Replies 10

Jason Kunst
Cisco Employee
Cisco Employee

Its a guest device so it wouldn't be known when first coming in and certainly wouldn't be going through byod

Did you delete the endpoint from ise?

"After testing some BYOD options, I was toying around with the guest services deployments."

The client was used for BYOD testing, then we wanted to test some guest options.

I removed it as a registered device group, but when the guest system is set to "automatically register devices" it throws the error about the system.   I can indeed add the system MAC manually as a GuestEndpoint and then my guest flow works but my question is if i've hit a bug or why a pre-registered BYOD system, once removed from the Registered Devices is not able to be a guest.

Do we expect that we may never see a previously registered (then removed) BYOD device become a guest?

I understand what you were doing, my only point is that it's still in the endpoint database even though you removed it from the byod group, Did you delete the endpoint completely from ise?

I agree It could happen that a byod device later goes through guest but think the use case is rare

Can you advise how to remove it "completely" from ise?

I made the assumption removing it from the RegisteredEndpoints would allow it to be registered.


What happens if I have a registered device,  that employee leaves and it was provided to someone else to use as a Corporate Device that is registered?

In ISE 2.2 and perhaps 2.1 Context Visibility > Endpoints

Other releases

Administration > Identities > Endpoints

For your use case perhaps they have to handle how to transfer assets as it wouldn’t be registered to the correct person any longer

"Administration > Identities > Endpoints"

This purges the system from the Database whereas removing from the RegisteredDevices does not?

Is there any other options I need to look at as I'll have time in the morning to test this out.

Thanks Jason.

Correct, that should be it, make sure you remove the profiles from the endpoint, forget any SSIDs, turn off the wirlesss, clear the wireless session and then delete the endpoint from the database, that would be a clean guest endpoint coming in

Remove from registered devices just removes it from the group not from ISE database.

Hi Jason,

  So one device cannot be used on both BYOD and Corp wireless networks?

Please open a new thread and explain your use case needs

Confirmed the following

Deleting from the group as RegisteredDevices doesn't fix the problem

Deleting from Context>Endpoint does indeed solve the problem

Thanks Jason

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: