04-04-2017 04:35 AM
Dear Folks,
I am configuring the BYOD for my POC and I am using the SSID for my Guest Access, but there is a conflict whenever I access the GUEST SSID, it's all pointing to the BYOD Policy and I cannot connect anymore to the previously working GUEST SSID.
Can anyone provide the working configuration guidelines for the ISE version 2.1
Thanks,
Manny
Solved! Go to Solution.
04-04-2017 06:57 AM
Can you explain the issue in more detail?
It sounds to me maybe your device is going through the byod flow since you onboarded it? And you want to test guest with same device?
Did you try deleting the endpoint
Also you can check out the dual SSID doc configuration in our community how to site or use the Dcloud demo setup as a comparison or maybe even our ise pov document
04-04-2017 06:57 AM
Can you explain the issue in more detail?
It sounds to me maybe your device is going through the byod flow since you onboarded it? And you want to test guest with same device?
Did you try deleting the endpoint
Also you can check out the dual SSID doc configuration in our community how to site or use the Dcloud demo setup as a comparison or maybe even our ise pov document
04-06-2017 12:13 AM
I am actually using my guest SSID for my BYOD setup, but everytime i enable the policy for BYOD and try to connect to the normal guest access, i got access denied. I cannot enable both Guest and BYOD Access.
I have 2 SSID at the moment, 1 for GUEST and 1 for EMPLOYEE, which SSID should i use for BYOD? Do i have to create new one name "BYOD" or i have to choose from GUEST and EMPLOYEE? What is the best practice?
The guidelines that has been provided seem to me not a complete one, i haven't seen the conditions configuration (it's just a snapshot for Policy) and client provision.
Can anyone provide the step-by-step configuration of BYOD please!!!
Thanks,
04-06-2017 04:19 AM
The guides for dual ssid are what you need
User or guest connects to open network
Guest enters creds into guest portal and connects to internet
Employee connects open SSID and then enter employee creds (not guest) and goes through BYOD flow and device supplicant now connects with cert to employee network (if you configured flow for tls cert auth)
This guide has what you need but you don't need to change authentication methods identity source sequences user store info as in 2.x it's already setup most of this
You will need to look at authorization rules to match your correct portal and flow , client provisioning rules to make sure you have correct SSID
https://communities.cisco.com/servlet/JiveServlet/previewBody/68160-102-1-125080/How-To_61_BYOD_Onboarding_Registering_and_Provisioning.pdf
More info on then components
http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_01111.html
A video in ise 2.0 - http://youtu.be/5dTi0vLLVTc
You should be using ise 2.x with latest patches
2.2 using the secure access wizard will be the easiest for you
https://communities.cisco.com/docs/DOC-71189
If still trouble please work through tac, partner or cisco sales team for assistance
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide