cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3529
Views
5
Helpful
13
Replies

BYOD Device Registration Portal

Jason Weids
Level 1
Level 1

Hi,

 

I am looking for a guide that details how to setup a device registration portal & the policies required so that students & staff members can register their personal devices to their user IDs & be granted access to the wireless & wired network. There can be no installation of a supplicant or certificates involved as some devices may be games consoles, personal assistants, apple tv's & printers.

 

Thanks

1 Accepted Solution

Accepted Solutions

Right. However you can identify devices and have them go throught cert and supplicant config (for securing those devices) and still have dumb devices come through (they will manually need to register throught the my devices portal)

I would recommend you look at the BYOD guide under http://cs.co/ise-community > deploy > BYOD

View solution in original post

13 Replies 13

Hi,

This guide seems to match your requirements.

 

HTH

Right. However you can identify devices and have them go throught cert and supplicant config (for securing those devices) and still have dumb devices come through (they will manually need to register throught the my devices portal)

I would recommend you look at the BYOD guide under http://cs.co/ise-community > deploy > BYOD

Yep, been there, wasn't any help was hoping someone helpful could provide a guide or actually point to one that works.

No it doesn't. It is not for v2.3. & it doesn't achieve what I want. I just want a registration page that users can add their MAC addresses & it put it in an identity group.

Francesco Molino
VIP Alumni
VIP Alumni
Hi

On Cisco website, you have lot of documentation like this one: https://cisco-marketing.hosted.jivesoftware.com/servlet/JiveServlet/previewBody/68160-102-1-125080/How-To_61_BYOD_Onboarding_Registering_and_Provisioning.pdf

This one relates to an old ISE version but it's still the same except ISE GUI changed.

Otherwise, you have Labminutes.com doing some great videos like: http://www.labminutes.com/sec0277_ise_22_byod_wireless_onboarding_single_ssid_1

Last but not least, you have an excellent book explaining all this: http://www.ciscopress.com/store/cisco-ise-for-byod-and-secure-unified-access-9780134586663

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

I have been through loads of documentation & appear to be wasting my time.

The reason I posted in the community is I'm looking for a guide to create a portal for users to add their devices & have them added to an identity group. No certs, or supplicant involved.

There is no guide. You simply use the my devices portal built into ise. It’s own by default. User logs into the portal. Adds their device and it is Added to registered devices

Therefore you write an authorization policy if registered devices then permit access the way you want

Admin guide talks about my devices portal


https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_010000.html

How can there be no guide? You say simply use the my devices portal, so
where do you access this? How do you customise this? How do expect people
to use this with no guide. That is not helpful at all.

I have currently created a My devices portal page. When I test the URL
there is a start button which when I click says your device is currently
not supported. What is it trying to do? Why am I getting that. Where is the
field to add MAC address & user ID.

I was not born with this inherent knowledge so a guide would be very useful.

A guide doesn’t exist for every nuance of what is possible. I will ask if something can be added

There is no start button on the my devices portal. The byod portal is used for automatic registration of devices that have a browser. You may choose to use supplicant and certificate provisioning. If you choose not to then the link which is in the admin guide and also here and other places can be used

Note
________________________________

You can configure a BYOD flow that does not use supplicants. See the Cisco ISE Community document https://supportforums.cisco.com/blog/12705471/ise-byod-registration-only-without-native-supplicant-or-certificate-provisioning.


The my devices portal is already setup. It can be accessed using the portal test url at the top of the portal. But would recommend using an FQDN to make it easier to access
Search for FQDN here
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011100.html

The my devices portal is used to register devices that can’t go through the byod portal for automatic registration (example printers, dumb game consoles etc)

Once a device is registered then it can be authorized using a policy set that was explained in the write without native supplicant , basic if registered device then permit access accordingly

HTH

I realise a guide for every nuance won't exist but just the basic up to date guide like where to find the My devices Port page would be a good start.

 

I have now found this in Work Centers>BYOD>Portals & Components>My Devices Portal

 

Now, the issue I have here is I can not test the URL because in the Cisco guide here it says;

"Portal test URL—A system-generated URL displays as a link after you click Save. Use it to test the portal."

The problem is, it will not save & I am getting "Unable to load devicePortalMyDevicesAction.do?customizatio
nLanguage=English&command=saveMyDevices status:401"

 

Is this a bug or am I missing something else?

I have not seen that, perhaps trying a different browser, restarting ISE and then calling the TAC

Apparently it is a bug.

 

CSCvh79901

APEX license should not be required to update MyDevices Portal.

Workaround:
The issue went away after loading a temporary Apex license on ISE, even though this shouldn't be necessary.

 

How do I load a temporary APEX license?

Work through the TAC