cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5002
Views
1
Helpful
3
Replies

ISE 2.1 BYOD Configuration

mannygawadcco
Level 1
Level 1

Dear Folks,

I am configuring the BYOD for my POC and I am using the SSID for my Guest Access, but there is a conflict whenever I access the GUEST SSID, it's all pointing to the BYOD Policy and I cannot connect anymore to the previously working GUEST SSID.

Can anyone provide the working configuration guidelines for the ISE version 2.1

Thanks,

Manny

1 Accepted Solution

Accepted Solutions

Jason Kunst
Cisco Employee
Cisco Employee

Can you explain the issue in more detail?

It sounds to me maybe your device is going through the byod flow since you onboarded it? And you want to test guest with same device?

Did you try deleting the endpoint

Also you can check out the dual SSID doc configuration in our community how to site or use the Dcloud demo setup as a comparison or maybe even our ise pov document

ISE BYOD

ISE Design & Integration Guides

View solution in original post

3 Replies 3

Jason Kunst
Cisco Employee
Cisco Employee

Can you explain the issue in more detail?

It sounds to me maybe your device is going through the byod flow since you onboarded it? And you want to test guest with same device?

Did you try deleting the endpoint

Also you can check out the dual SSID doc configuration in our community how to site or use the Dcloud demo setup as a comparison or maybe even our ise pov document

ISE BYOD

ISE Design & Integration Guides

I am actually using my guest SSID for my BYOD setup, but everytime i enable the policy for BYOD and try to connect to the normal guest access, i got access denied. I cannot enable both Guest and BYOD Access.

I have 2 SSID at the moment, 1 for GUEST and 1 for EMPLOYEE, which SSID should i use for BYOD? Do i have to create new one name "BYOD" or i have to choose from GUEST and EMPLOYEE? What is the best practice?

The guidelines that has been provided seem to me not a complete one, i haven't seen the conditions configuration (it's just a snapshot for Policy) and client provision.

Can anyone provide the step-by-step configuration of BYOD please!!!

Thanks,

The guides for dual ssid are what you need

User or guest connects to open network

Guest enters creds into guest portal and connects to internet

Employee connects open SSID and then enter employee creds (not guest) and goes through BYOD flow and device supplicant now connects with cert to employee network (if you configured flow for tls cert auth)

This guide has what you need but you don't need to change authentication methods identity source sequences user store info as in 2.x it's already setup most of this

You will need to look at authorization rules to match your correct portal and flow , client provisioning rules to make sure you have correct SSID

https://communities.cisco.com/servlet/JiveServlet/previewBody/68160-102-1-125080/How-To_61_BYOD_Onboarding_Registering_and_Provisioning.pdf

More info on then components

http://www.cisco.com/c/en/us/td/docs/security/ise/2-0/admin_guide/b_ise_admin_guide_20/b_ise_admin_guide_20_chapter_01111.html

A video in ise 2.0 - http://youtu.be/5dTi0vLLVTc

You should be using ise 2.x with latest patches

2.2 using the secure access wizard will be the easiest for you

https://communities.cisco.com/docs/DOC-71189

If still trouble please work through tac, partner or cisco sales team for assistance