I am building a wireless ISE solution that will service laptops (windows and OSX) via posture assessment, and mobile devices such as iphone, ipad and android.
I looking for help with the profiling of the android devices. I am using the profiler radius and HTTP probes, the radius probe appears to be sufficient for the laptops and the iphone/ipads.
HTTP has been introduced for the Androids as the radius probe wasn't receiving the user agent string from all the test android devices, for example a Samsung Galaxy S3 phone would send the user agent string and be profiled correctly, where as a Samsung Note 10.1 tablet wouldn't send the user agent string, so would be profiled as an unknown device.
I was attempting to keep it as seamless as possible for the end user. So I am not using device registrations, supplicant provisioning, etc. Obviously the posture assessment process isn't exactly semless, but once the users have downloaded the NAC client, etc, it is pretty seamless from a user interaction point of view, then on.
From the apple devices and the androids, I have an authorisation policy that says if the device is a profiled iphone/ipad/android, use CWA and guest portal, users login via AD creadentials and accept the AUP and away they go. Some of the androids ignore this policy and then match on the policy for the laptops (posture assessment). Once connected and in posture pending status, the redirection to the NAC agent page fails, but the android is then profiled correctly via the HTTP probe. If I attempt to browse again, I get redirected to the guest portal via CWA as the devices has been profiled as an Android and the user can login, accept the AUP and away they go.
I'd love to hear from people who have implemented android profiling in the production environments, and how you have done it?
I am aware that not using device registrations/supplicant provision, etc isn't exactly validated design, but for the purpose of the Android profiling, it shouldn't be relevant.
I am presently using ise 1.1.3
Huge thanks in advanced guys, any assistance is always greatly appreciated.