Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
877
Views
0
Helpful
2
Replies

Network password prompt appear on Android 6.x/7.x after upgrade of ISE from 2.1 to 2.3

Go to solution
vinmangal
Level 1
Level 1

‎10-28-2018 03:56 AM

Hi Cisco exper team,

 

After upgrading ISE Cluster infra from 2.1 to 2.3, We are getting this additional password prompt as "Network  password" on Android phones while trying to register our Android smart phone 6.x/7.x and on above version phones

 

Please advise on following

  • Is it some additional security policy (for which  TCP Port 8084 needs to be open between user phone subnet to ISE-PSN).?
  • Is there a way this additional password prompt can be removed
  • Is there any other type of phones which could be affected after upgrading of ISE from 2.1 to 2.3
  • What changes we need to do in Authorization and authentication policy for continue support on apple i phones, Android smart phones

 

 

Thanks...!

Preview file
332 KB
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-28-2018 10:10 AM - edited ‎10-28-2018 10:54 AM

This is due to Cisco Network Setup Assistant for Android employing RFC 7030 - Enrollment over Secure Trans... 

directly with ISE 2.2+

 

  • Is it some additional security policy (for which  TCP Port 8084 needs to be open between user phone subnet to ISE-PSN).?

Yes, permitting TCP 8084 to PSN. See CSCvf77241

 

  • Is there a way this additional password prompt can be removed

 Not an option at present.

 

    This change is due to
  • Is there any other type of phones which could be affected after upgrading of ISE from 2.1 to 2.3

As you mentioned, Android 6+. 

 

  • What changes we need to do in Authorization and authentication policy for continue support on apple i phones, Android smart phones

See 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
hslai
Cisco Employee
Cisco Employee

‎10-28-2018 10:10 AM - edited ‎10-28-2018 10:54 AM

This is due to Cisco Network Setup Assistant for Android employing RFC 7030 - Enrollment over Secure Trans... 

directly with ISE 2.2+

 

  • Is it some additional security policy (for which  TCP Port 8084 needs to be open between user phone subnet to ISE-PSN).?

Yes, permitting TCP 8084 to PSN. See CSCvf77241

 

  • Is there a way this additional password prompt can be removed

 Not an option at present.

 

    This change is due to
  • Is there any other type of phones which could be affected after upgrading of ISE from 2.1 to 2.3

As you mentioned, Android 6+. 

 

  • What changes we need to do in Authorization and authentication policy for continue support on apple i phones, Android smart phones

See 

0 Helpful
Customers Also Viewed These Support Documents