cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1662
Views
5
Helpful
2
Replies

Changing the "BYODRegistration" flag

Antonio Macia
Level 3
Level 3

Hi,

 

Is there any way to manually change the "BYODRegistration" flag for an endpoint in ISE? Some of the BYOD endpoints lost their registration status from "Yes" to "Unknown". Why this might happen? Does increasing the number of "Employee Registered Devices" counter reset this flag?

 

Regards.

1 Accepted Solution

Accepted Solutions

hslai
Cisco Employee
Cisco Employee

No, this attribute can not be changed via ERS API or ISE admin web UI. I would suggest to ignore this attribute, which is not accurate in many cases IMHO.

Updating "Employee Registered Devices" should not have reset this flag. If it does, then a bug.

View solution in original post

2 Replies 2

hslai
Cisco Employee
Cisco Employee

No, this attribute can not be changed via ERS API or ISE admin web UI. I would suggest to ignore this attribute, which is not accurate in many cases IMHO.

Updating "Employee Registered Devices" should not have reset this flag. If it does, then a bug.

Hi hslai,

 

We actually noticed that this flag changes when the device is re-profiled. Deleting the endpoint's MAC from the RegisteredEndpoints group even.

We are thinking of removing the "BYODRegistration" flag check from the authorization rules and check (among others) that the certificate presented by the user has been issued by our CA dedicated to BYOD. However, then if a user deletes a device from the "My Device Portal", that device will continue being able to connect to the network and thus, won't be a real limitation on the number of devices per user. The only way to block a device would be setting it as stolen or lost, but this is not user-friendly.

How can we tackle this? 

 

Regards.