cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1852
Views
0
Helpful
5
Replies

Need to use android phones with ISE

Got everything else done. I need for my clients to connect to the network using android or apple phones to do their work.

Have NO idea how to do this so please be slow and explicit on what needs to be done.

5 Replies 5

Arne Bier
VIP
VIP

Hello joseph.williams@atos.net 

 

I have more questions:

What are your NAC (Network Access Control) use cases?

e.g.

Wireless 802.1X , and if so, which EAP methods? Corporate managed devices, or personal devices - or both?

Guest Wi-Fi use cases?

 

Unless you be more specific we cannot guide you. But your question is wide open. I would suggest you provide more use case information, and also what you mean by "Got everything else done" - what does that mean exactly?

 

If you want to see real use case implemented in a video series, then have a look at https://www.labminutes.com

 

I need my users to be able to use their phones as if they were on the network (pc like). They need access to their assets on the network.

Got everything else doe. I have a working network and VPN. All other connectivity is established. My users were able to connect to my network via ACS and their android devices. I need to duplicate this.

It sounds like a very common use case. But the devil is in the details ;-) - you need to configure the end clients with some supplicant to allow them to perform wireless 802.1X. The most primitive/easiest method is EAP-PEAP - and generally you would tell users to use their AD login credentials and have ISE validate that on the AD server (check for authentication, and also AD Group Membership, etc.)

If you have this running on ACS then you can reverse engineer what you need. In most (simple) cases people create an SSID (WPA2/Enterprise) and point this to their RADIUS server (ACS/ISE). Sounds like you have this already.  You need to stand up an ISE server (a single STANDALONE node will suffice) and you should be able to use the factory default Policy Set.

 

In fact, fresh ISE installs have a Wireless setup wizard that you can run - it will guide you through the process. I have never used it but I believe it's quite good. 

 

There is also an ACS to ISE migration (depending on your version of ACS). Your ACS system keeps running and is used as a source of config data by the migration tool. Might be worth considering too.

 

The entire process is not complex - but if you have never done it before then you will need to cover the basics of ISE install, setup and Policy Set configuration. www.labminutes.com has excellent videos that you can watch and the principles are explained very slowly and easily. There is a learning curve with any new product and you will probably end up getting documentation from various sources. You have to start somewhere.

 

If you don't have a license, then use the 90 day eval to figure things out.

Again, this is no help. I have repeat have a functioning ISE system. Since ACS and ISe are quite different, how to you reverse engineer?
I am using 2.4. Where is the 'wireless setup wizard. I don't see one.

I don't think you'll have much luck on this forum if you're looking for someone to show you everything step by step. Figure out where exactly you're getting stuck, show some attempts (success/failures) and then the Community can chip in. Your descriptions are so vague that it's hard to figure out what it is that you want.

 

The Wizard is only visible on new installs. I have not quite figured out how to re-enable it again if you have upgraded from say, 2.2 to 2.4 - the "application configure ise" has an option to enable/disable this wizard but it doesn't work in my case.

 

Click on the icon shown below for the wizard. YMMV

wizard.png

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: