04-10-2019 01:57 PM
for BYOD, can we USE MAC Address instead of Cert ?
we have Customer with ISE 2.4, does not wants to use cert onboarding and wants to keep mac address without adding?
Flow should be like This.
end devices connect to BYOD SSID, then ask for ad user/password. then ISE keep mac and next time ISE should not ask user/password. and next time use mac for authentication.
Customer does not want to add mac manually. after first time login with AD username/password. ise should Keep its mac for certain period.
Solved! Go to Solution.
04-10-2019 07:27 PM
This is just standard sponsored guest portal setup. In the sponsored guest portal you have the options to set a guest type for "Employees using this portal". That guest type is tied to an endpoint identity group. You decide how often to purge that identity group.
So employee connects to the SSID, gets redirected to the portal, enters their AD credentials, optionally accepts an AUP page and then their MAC address is added to the endpoint identity group you specified in the employee guest type. How often you purge the endpoint identity group determines how often the employees have to see the portal.
04-10-2019 07:27 PM
This is just standard sponsored guest portal setup. In the sponsored guest portal you have the options to set a guest type for "Employees using this portal". That guest type is tied to an endpoint identity group. You decide how often to purge that identity group.
So employee connects to the SSID, gets redirected to the portal, enters their AD credentials, optionally accepts an AUP page and then their MAC address is added to the endpoint identity group you specified in the employee guest type. How often you purge the endpoint identity group determines how often the employees have to see the portal.
04-10-2019 07:39 PM
04-11-2019 09:30 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide