07-31-2013 07:46 PM - edited 03-10-2019 08:43 PM
Guys, when i sent down a profile using native suplicant for iphone, iphone gets it but it does not automatically selects TLS on the SSID.
Here is what happens:
Iphone connects to BOYD-SSID
credentials enter
client provision process
** if Auto-Login is selected problem with self registration!!!!!!!!
bunch of security errors, profile is downloaded
iphone reconnects to BOYD_SSID with credentials initilly entered (therfor MSCHAPv) not TLS
in client provisining cycle.
NOW!!!!
go back to BYOD-SSID and "forget the network", reconnect again, and manually selecting TLS and using the profile previously downloaded, and everything works!!!!
Too many freaking steps for BYOD!!!! I can't have my client tell his employees to do that.
ANy ideas.....
07-31-2013 08:24 PM
Marcin,
I have not had the problems you are discussing, what version of code are you running and I assume you are using the single-ssid method? In my experience I have seen where the new profile over-writes the old peap profile and after COA hits the client then uses eap-tls to connect.
Can you provide screenshots of the experiences you are having?
Thanks,
Tarik Admani
*Please rate helpful posts*
07-31-2013 09:10 PM
I can get this info to you later on tonight or tomorrow morning.
Maybe i have a problem with CoA???
Do you need version of ISE and Ipad?
11-02-2015 03:31 AM
Hi All,
I have the same problem for iOS devices.
With the same configuration i have problems with Iphone 6 version 9.0.1 but not with iphone 4
So the problem seems not to be in CoA but in iOS process.
With Iphone 6 i need to " forgot the network" and then specified TLS configuration and choose username authentication + certificate that will be used for this username.
regards
07-31-2013 11:24 PM
It would be helpful to see screenshots of your authorization policies, and the authentications dashboard. Also some information regarding your wireless setup.
Sent from Cisco Technical Support Android App
08-06-2013 08:49 PM
i got it to work!!!
I have a problem with ANdroid connecting to google play... I am using BYOD SSID connected via FLEXCONNECT, and my ACL does not allow google play no matter where i allow that traffic.
Can you point me into right direction where to modify ACL to allow google play during provisioning process.
08-06-2013 09:00 PM
Hi,
Do you have the contents of the acl? Also where are you applying this acl? I have had challenges in deploying flexconnect with ISE but lets see how the client entry looks and what state the client is in when you hand down the provisioning acl from ISE.
Thanks,
Sent from Cisco Technical Support iPad App
08-07-2013 09:45 AM
I applied to the FLEXCONNECT WEB POLICY as it says in the PDF.
03-19-2014 05:59 AM
What did you do to fix the problem with Auto-Login. I have the same problem!
08-14-2014 12:25 AM
08-07-2013 01:14 PM
in this state using flex connect i need to go to google play.. and it does not work
08-14-2013 05:27 PM
Please find the link information all the configuration for client provisioning.
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_client_prov.html
07-07-2014 03:52 AM
02-16-2016 07:26 AM
08-08-2018 03:21 AM
This has been reportedly fixed, as stated in the following link here.
My question is, what is the fix? Is it a workaround or is the client provisioning as simple as it used to be?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Hi All,
I have the same problem for iOS devices.
With the same configuration i have problems with Iphone 6 version 9.0.1 but not with iphone 4
So the problem seems not to be in CoA but in iOS process.
With Iphone 6 i need to " forgot the network" and then specified TLS configuration and choose username authentication + certificate that will be used for this username.
Impossible to explain to our customer.
regards