10-06-2015 04:00 AM - edited 03-10-2019 11:07 PM
Hi community,
I was asking myself, can I configure single SSID BYOD Onboarding without SCEP? I'm in this position where I want the users to connect and register their own devices using MSCHAP as inner method but I don't want to provide certificates with SCEP as this is a platform I don't have access to.
It might be losing the whole purpose of BYOD but I just need users to register and de-register their own devices taking the MAC Address administration burden out of IT.
Thanks in advance
Solved! Go to Solution.
10-06-2015 06:44 AM
Hi Antonio,
ISE does support BYOD with EAP-PEAPv0 MSCHAPv2 or EAP-TLS profiles. You can build a supplicant provisioning profile to do only PEAP for the supported platforms (Windows, Android, MacOSX and iOS).
10-06-2015 06:44 AM
Hi Antonio,
ISE does support BYOD with EAP-PEAPv0 MSCHAPv2 or EAP-TLS profiles. You can build a supplicant provisioning profile to do only PEAP for the supported platforms (Windows, Android, MacOSX and iOS).
10-06-2015 06:06 PM
Thank you Wayne, I will definitely try it out during this week.
Regards
11-16-2015 10:03 AM
And to add more to this here is how you do it
11-17-2015 05:42 AM
No access to the blog post, is it just me?
Is it possible to post the pdf?
Cheers
11-17-2015 05:53 AM
Can't access either
11-17-2015 11:15 AM
Check it out now
11-17-2015 05:51 AM
Indeed it worked.
I even took out the whole Google Play procedure by going into Administration -> Settings -> CLient provisioning (left side pane) and changed "Native Supplicant Provisioning Policy Unavailable" to "Allow Network Access"
Didn't know this was possible.
Thank you
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide