cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
936
Views
0
Helpful
7
Replies

ISE 3.2 BYOD - Randomized MAC addresses - GUID

llomjaria
Level 1
Level 1

Hello,

I have a question regarding BYOD and randomized MAC addresses.

I have implemented Single SSID BYOD flow. Users are getting onboarding, ISE is the CA server and it sends certificates to them. I have found that in certificate template I can choose to use not only MAC address but MAC + GUID too. 

After successful onboarding, if MAC address changes ISE cannot identify device as BYOD Registered and users are redirected to BYOD onboarding portal again. 

My question is - how can I configure ISE to use GUID as device identifier ?

 

 

2 Accepted Solutions

Accepted Solutions

No, the workaround to mitigate issues with MAC randomization is to remove authorization conditions that use the MAC address from your policies as per this Field Notice.

View solution in original post

7 Replies 7

balaji.bandi
Hall of Fame
Hall of Fame

Thanks for the reply!

I have checked provided discussion but it is not related to my issue.

 

@llomjaria , the short answer is, you can't. See the following recent discussion on the similar topic.
https://community.cisco.com/t5/network-access-control/byod-solution-for-mac-randomized-endpoints/td-p/4994234

 

@Greg Gibbs Thank you for the response!

So user should register the same device every time MAC changes?

No, the workaround to mitigate issues with MAC randomization is to remove authorization conditions that use the MAC address from your policies as per this Field Notice.

Did you check that the clients actually get the right attributes in their certificates pushed by ISE? if not, you might need to make sure that you associated the certificate profile to the client provisioning policy profile. If both are correct, please share your authorization rules for review.

Yes, clients get correct certificates.

Please check attachment