10-21-2015 09:04 AM - edited 03-10-2019 11:10 PM
I'm running ISE 1.3 Patch 4 in my Lab environment and i'm running thru the setups you can find at labminutes.com for the BYOD setups. I completed both the WIRED and WLAN BYOD setups but wondered why two separate BYOD portals were used, one being an actual BYOD portal, the other a standard Guest portal that was tweaked for just BYOD. I wanted to just use a single BYOD portal for both WIRED and WLAN.
So I modified my WIRED_BYOD_PROVISIONING auth_z profile to use the native supplicant provision portal that had been originally build for the WLAN, as seen below:
here's a shot of my AUTH_Z Policy as well:
all looks good on the config side, but when you try to connect from a BYOD device on a WIRED connection the client gets the following error on the BYOD portal page:
anybody have any ideas?!? if you pull the session ID portion out of the URL you get a standard BYOD Welcom page with no error but you still cannot log in and get this instead:
10-23-2015 06:26 AM
got the following explanation as to why my setup won't work:
"You cannot just use BYOD portal for wired MAB since there is no user information for the system to use to register the device. So your options are
For Wireless,
1. Single SSID - 802.1X with BYOD Portal
2. Dual SSID - Open SSID with MAB and Guest Portal on first SSID and 802.1x on the second
For Wired,
1. 802.1x with BYOD Portal (Doesn't make sense as require user to config wired .1x profile
2. MAB with Guest portal so user can login using AD account and proceed with BYOD onboarding.
If you want to use single Guest portal for both wireless and wired, you would go with option 2 for both having user logging into to guest portal then onboard."
So the BYOD portal ONLY works with an auth method behind it that has some user information to be passed to the portal and we have that in the single SSID wireless scenario but will never have it in a wired MAB scenario since the NIC hasn't been configured yet.
12-14-2015 10:47 PM
HI Team ,
Is there any way to do wired BYOD on boarding with PEAP (AD user credentials) only in ISE 1.4.
Thanks in advance
04-21-2017 08:27 PM
dear Pranav
I know this is too late, but yes you can do that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide