I have just upgraded my OnePlus 6 to Android 10. It has broken my EAPTLS BYOD service because it now automatically uses Randomised MAC when connecting to wireless networks.
My ISE authorisation policy includes the condition "MAC_in_SAN" which my device now fails on. Remove the condition and it works.
Now you can actually configure it to "Use device MAC", but the default is "Use randomised MAC (default)". To add insult to injury, the upgrade has also changed my device wireless MAC address, which also breaks the "MAC_in_SAN" policy condition.
Do Cisco have any guidance on this?
First, disabling the ISE policy authorisation condition MAC_in_SAN is not an option. This is part of the security and the only way to check the identity of the client device.
I have a fix for a Dual SSID BYOD solution, it's not pretty but it does work on my OnePlus Android. Here is a summary of the process.
Devices that currently use a BYOD service (with certificates) but have or want to upgrade to Android 10 will have to re-on-board.
The following menu options may be different on different Android devices but the principle is the same.
It is recommended to restart the device.
Hope this helps others.
That is correct, with Android 10 BYOD registered and MAC-in-SAN condition will not work. What you have is what we recommend. https://community.cisco.com/t5/security-documents/ise-byod-endpoint-notes/ta-p/3857246#toc-hId--1243681234
The randomized MAC should be a setting in the wireless/advanced. Can't you just turn it off?
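The MAC_in_SAN failure discussed in this thread, as an added example that is not from the posters or from Cisco: a simplified Python model of comparing the MAC a client presents (RADIUS Calling-Station-Id) with the MAC recorded in its certificate SAN, which also flags presented addresses whose locally administered bit is set, as randomised Wi-Fi MACs have. The function names, SAN entry formats and MAC values are assumptions constructed for illustration; this is not ISE's own logic.

```python
import re

def normalise_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC."""
    digits = re.sub(r"[-:.]", "", value.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (randomised MACs set it)."""
    return bool(int(mac[:2], 16) & 0x02)

def check_mac_in_san(calling_station_id, san_entries):
    """Model of a MAC-in-SAN check: the MAC seen on the air must equal a MAC
    that was written into the certificate SAN when the device was onboarded."""
    presented = normalise_mac(calling_station_id)
    if presented is None:
        return False, "Calling-Station-Id is not a MAC address"
    # Non-MAC SAN entries (e.g. a user name) normalise to None and are skipped.
    enrolled = {m for m in map(normalise_mac, san_entries) if m}
    if presented in enrolled:
        return True, "presented MAC matches the certificate SAN"
    if is_locally_administered(presented):
        return False, "randomised MAC presented; set the SSID to 'Use device MAC'"
    return False, "device MAC differs from the enrolled one; re-onboard the device"

# Constructed sample values (assumptions, not taken from the thread).
SAN_AT_ONBOARDING = ["user@example.com", "64-A2-F9-12-34-56"]
CASES = {
    "before upgrade":          "64:a2:f9:12:34:56",
    "randomised (default)":    "DA:A1:19:0B:5C:7E",
    "device MAC changed":      "64a2.f9ab.cdef",
}

if __name__ == "__main__":
    for label, mac in CASES.items():
        ok, reason = check_mac_in_san(mac, SAN_AT_ONBOARDING)
        print(f"{label:22} {mac:18} {'PASS' if ok else 'FAIL'}  {reason}")
```
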