Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1074
Views
0
Helpful
3
Replies

ISE 1.3 BYOD Portal works only for WLAN and not for WIRED...

ben.posner
Level 1
Level 1

‎10-21-2015 09:04 AM - edited ‎03-10-2019 11:10 PM

I'm running ISE 1.3 Patch 4 in my Lab environment and i'm running thru the setups you can find at labminutes.com for the BYOD setups. I completed both the WIRED and WLAN BYOD setups but wondered why two separate BYOD portals were used, one being an actual BYOD portal, the other a standard Guest portal that was tweaked for just BYOD. I wanted to just use a single BYOD portal for both WIRED and WLAN.

 

So I modified my WIRED_BYOD_PROVISIONING auth_z profile to use the native supplicant provision portal that had been originally build for the WLAN, as seen below:

here's a shot of my AUTH_Z Policy as well:

all looks good on the config side, but when you try to connect from a BYOD device on a WIRED connection the client gets the following error on the BYOD portal page:

anybody have any ideas?!? if you pull the session ID portion out of the URL you get a standard BYOD Welcom page with no error but you still cannot log in and get this instead:

 

Labels:
0 Helpful
3 Replies 3

ben.posner
Level 1
Level 1

‎10-23-2015 06:26 AM

got the following explanation as to why my setup won't work:

"You cannot just use BYOD portal for wired MAB since there is no user information for the system to use to register the device. So your options are

For Wireless,
   1. Single SSID - 802.1X with BYOD Portal
   2. Dual SSID - Open SSID with MAB and Guest Portal on first SSID and 802.1x on the second

For Wired,
  1. 802.1x with BYOD Portal (Doesn't make sense as require user to config wired .1x profile
  2. MAB with Guest portal so user can login using AD account and proceed with BYOD onboarding.

If you want to use single Guest portal for both wireless and wired, you would go with option 2 for both having user logging into to guest portal then onboard."

 

So the BYOD portal ONLY works with an auth method behind it that has some user information to be passed to the portal and we have that in the single SSID wireless scenario but will never have it in a wired MAB scenario since the NIC hasn't been configured yet.

0 Helpful

Pranav Gade
Level 1
Level 1
In response to ben.posner

‎12-14-2015 10:47 PM

HI Team ,

Is there any way to do wired BYOD on boarding with PEAP (AD user credentials) only in ISE 1.4.

Thanks in advance

0 Helpful

alibarzoodeh
Level 1
Level 1
In response to Pranav Gade

‎04-21-2017 08:27 PM

dear Pranav

I know this is too late, but yes you can do that.

0 Helpful
Customers Also Viewed These Support Documents