Hello Niks-For your scenario

fatalXerror · ‎08-06-2014

Hi Guys,

I'm a little bit new with this Cisco ISE and I'm wondering if you can help me.

My setup is a WLAN 802.1x and I'm planning to deploy in the ISE just Device Registration WebAuth (only showing AUP) since the username and password authentication are checked via the WLAN settings of the computer.

My question are these, if I do that setup and when the employee logs out and in again does that employee needs to see again the AUP? Also, how the ISE checks if the device registration has been successfully done? Does the attribute Endpoint: BYODRegistration = YES will took effect?

Thank you very much in advance.

mohanak · ‎08-07-2014

If you had selected every login in multiportal then, the user needs to accept AUP with every login:

And in Sponsor portal you will be able to see the device status

nspasov · ‎08-07-2014

If you are using Cisco's wireless I woudl highly recommend that you push this funciton to the WLCs. The reasons I would recommend this are:

1. This type of authentication would take a Plus license

2. If you only care of the users to see and accept an AUP then the "passthrough" function in the WCL would do the job perfectly

3. The registered devices remian in teh system indefinitely. The current version of ISE does not proivde a mechanism to automatically purge those devices. Thus, you would have to manually remove them

Thank you for rating helpful posts!

Saurav Lodh · ‎08-22-2014

Venkatesh Attuluri · ‎08-26-2014

My question are these, if I do that setup and when the employee logs out and in again does that employee needs to see again the AUP?

Choose Administration > Web Portal Management > Settings > Guest > Multi-Portal Configuration.

Check the Guest portal to update and click Edit .

Click the Operations tab.

Choose one of these options to determine whether guest users must agree to an acceptable use policy:

– Not Used

– First Login

– Every Login

fatalXerror · ‎08-26-2014

Hi

I was able to configure now what I wanted however, when I go to "MyDevice" portal, the status of my device is still in pending even though I already did the device registration.

Please see attached file. What would I do for that issue to be resolve?

Thanks,

Niks

fatalXerror · ‎08-26-2014

Hi Experts,

By the way, I've just noticed that my AUP is not showing up, after I hit the register button in the self-provisioning page, it goes already to the confirmation that the device was successfully registered.

I already enabled the AUP in "MyDevice" Portal settings but the AUP still doesn't shows up.

Thanks in advance.

Niks.

nspasov · ‎08-27-2014

A couple of questions:

1. Which type of portal did you select for the DRW flow?

2. Do you have the "Self-provisioning flow" enabled

fatalXerror · ‎08-27-2014

Hi Neno,

Good Day!

I'm trying Native Supplicant Provisioning but I set the Client Provisioning settings to Network Access so that it will not check for the Client Provisioning policies.

Also, I already enabled the Self-Provisioning option in the Guest settings in Web Management Portal settings.

Thanks,

niks

Peter Koltl · ‎08-31-2014

Device Registration WebAuth and MyDevices portal are not the same, don't confuse them. Use either but not both.

nspasov · ‎09-01-2014

Hello Niks-

For your scenario (Device Registration WebAuth) you need to select the "Device Web Authorization Portal" when creating the portal. In that portal the "Enable Self-Provisioning Flow" is not available since it is used for the BYOD registration/provisioning process.

Hope this helps!

Thank you for rating helpful posts!

ISE 1.2 Employee Portal