06-28-2018 11:39 AM
Greetings all,
I'm investigating ISE for our on-campus NAC which would include our residence halls wired/wireless. With our current NAC solution, we're doing MAB with wired and wireless along with a captive portal. The existing NAC has policy to exclude game consoles from the captive portal and basically just gives them a pass.
After installing the ISE trial, my first goal is to basically re-create what we already have with the other solution while adding ISE improvements where possible. Today, I created a basic WLAN for our residence network and started testing some devices against the policy. My Windows device worked fine, my PS4 had an issue with the AUP accept on the portal, and my Nintendo Switch (which is designed to work to a certain extent with captive portals) won't load it at all and just gives a 404.
I'm curious what people's experiences are with using captive portal with consumer devices? Would the best practices method instead give them access to a My Devices page that they should manually add these types of devices?
Thanks!
06-28-2018 12:33 PM
You can recreate the same policy with ISE as you had with your current NAC system. Assuming you have a Plus license, you can profile the gaming devices (optionally creating a logical group for any gaming devices you would like to exempt) and permit them without having to go through the guest flow.
06-28-2018 01:04 PM
I'll check out what licensing we were quoted if we proceed with this. I was actually kind of hoping to get some sort of user ID for these consumer devices which would mean either a captive portal or a device registration page.
06-28-2018 01:42 PM
You are correct, the only way to tie the user to the endpoint is either through the My Devices portal or by forcing the user to go through the registration flow.
06-28-2018 06:45 PM
Higher Ed has been the largest segment for adoption of the BYOD Flow with My Devices Portal for just the situation you have described. I truly believe that is the answer to your dilemma. It will tie the username to the device and show up as such in the RADIUS Live Log as well as the Reports.
06-29-2018 06:09 AM
Can the BYOD Flow be utilized without Apex licensing? My understanding is the BYOD setup was more for doing onboarding with cert provisioning and potentially posture enforcement on a WPA2-Enterprise setup.
06-29-2018 06:11 AM
BYOD with certificate provisioning is a Plus license feature. Not Apex.
Regards,
-Tim