Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3643
Views
0
Helpful
7
Replies

BYOD - Android Onboarding Issues

Go to solution
rchockeelopez
Level 1
Level 1

‎02-17-2017 03:04 PM

Hi,

We got issues with some Android phones that is disconnecting the Wifi connection during the BYOD process when you try to navigate to Google Play.

BYOD Android Error.png

Hope you can help.

Regards.

1 person had this problem
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎02-18-2017 05:21 PM

In my experience, WLC will drop the client session, if the ACL is not allowing to go to Google play store or to download the app via Google content delivery network . I would suggest either (1) pre-download and pre-install Cisco NSA app using another WLAN or connection or (2) update the ACL.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
howon
Cisco Employee
Cisco Employee

‎02-17-2017 03:17 PM

Can you provide device information and Android OS version? Also the version and patch of ISE as well. Thank you.

0 Helpful

Go to solution
rchockeelopez
Level 1
Level 1
In response to howon

‎02-20-2017 01:59 PM

I have issues with Android 5.1 and 6.0. ISE has 2.1 and patch 3.

Regards.

0 Helpful

Go to solution
hslai
Cisco Employee
Cisco Employee

‎02-18-2017 05:21 PM

In my experience, WLC will drop the client session, if the ACL is not allowing to go to Google play store or to download the app via Google content delivery network . I would suggest either (1) pre-download and pre-install Cisco NSA app using another WLAN or connection or (2) update the ACL.

0 Helpful

Go to solution
ldanny
Cisco Employee
Cisco Employee

‎02-19-2017 12:42 AM

take a look at this post for full ACEs and DNS ACL requirements.

https://communities.cisco.com/thread/62901

Note:

flexconnect mode does not support URL ACLs

wlc version 8.2+ will allow up to  20 DNS ACLs , eariler versions are limited to 10.

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to ldanny

‎02-19-2017 01:21 AM

Keep in mind if doing peap to eap-tls single ssid on boarding you can always allow internet but require on boarding once they try to access internal access

then no acl issues

0 Helpful

Go to solution
rchockeelopez
Level 1
Level 1
In response to Jason Kunst

‎02-19-2017 08:17 PM

Hi Jason, i got single ssid on boarding. Can you explain more your point? I did not understand what you try to explain...

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to rchockeelopez

‎02-20-2017 12:41 AM

instead of redirecting everything to ISE instead only redirect internal websites. Allow all the internet sites

They connect with PEAP and are able to access internet (allows them access to app store as well)

When they want to get access to internal resources they are redirected by the REDIRECT ACL to ISE and are required to onboard.

This way don't have to deal with DNS based ACLs, cloud based services, etc since the whole internet is allowed and they can easily use the app store

0 Helpful
Customers Also Viewed These Support Documents