08-20-2019 08:32 PM - edited 08-20-2019 08:35 PM
I'm testing ISE BYOD with iphone/android phone and everything works fine but see some difference below.
For testing purpose, I have 2 AuthZ policy only. (Single SSID, No Certificate provisioning)
Policy1: If BYOD registered device => Internet Only
Policy2: If MSCHAPv2 => BYOD portal with NSP
The difference is below.
1. When testing with Android phone, initial onboarding with 802.1x hit policy2 with redirection and we saw COA was issued when clicking 'Go to Google Play xxxx' in Step 3.
This ultimately made the device hit policy1 again and can connect to the Internet even without finishing NSA. Meaning at this moment, user can access google,youtube etc.
2. When testing with iphone, initial onboarding with 802.1x hit policy2 with redirection and when profile is downloaded in step 3 of 'Apple configuration profile xxxx', there is no COA issued from ISE and hence if user does not complete the profile installation by going back to 'iphone General setting', they will always be redirected since being kept in policy2.
(If I force reconnect to the SSID without installing the profile, the device will hit policy1 and connect to the Internet.)
I understand the policy will not be such open in real-world usecase but want to make sure if this is normal. Is it supposed to see COA when clicking 'Go to Google Play xxx' in usecase 1 above?
08-21-2019 07:48 PM
Yes.
We usually add another condition -- Session·Device-OS Equals Android -- in the Policy rule 1.
08-22-2019 08:30 PM
08-23-2019 04:07 AM
08-23-2019 04:28 AM
Jason,
I had the same doubts and waited for a while in the screen 'Go to Google Play xxxx'.
If Profiler (identified as android) was the reason of COA, it would be triggered regardless clicking the button 'Go to Google Play xxx' or not.
However COA was not seen as I waited for 1min in that page and as long as clicking it, COA was in.
Let me try to test with turning off the Profiling COA.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide