02-08-2017 09:03 AM
We are having issues downloading Cisco Network Assistant in Google Play with error 495.
ISE 2.1
WLC 8.2.141.
We are running WLC with FlexConnect APs. We already assigned the Google public addresses and it does not work.
Hope you can help.
Regards.
- Labels: Identity Services Engine (ISE)
Accepted Solutions
02-08-2017 11:46 AM
Sorry, I was not clear. For testing purposes, just add a single entry that denies IP access to 1.1.1.1 on the ACL, then permit ip any any. Then on the client, try to go to 1.1.1.1 to force a redirect.
02-08-2017 10:33 AM
With FlexConnect APs you will need to permit access to Google addresses via IP instead of DNS names, as DNS ACL is not supported with FlexConnect ACL. Assuming you are still experiencing issues even with allowing IP subnets, then I recommend temporarily permitting full access to the Internet for the duration of onboarding.
02-08-2017 11:24 AM
Thanks. If I give full access in the ACL temporarily, the redirection on the portal will not work.
Hope you can help.
02-08-2017 01:12 PM
How about allowing Internet access but only redirecting on internal addresses? This way clients are required to onboard before they can get internal access.
They connect, try to access an internal resource and are required to go through onboarding?
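
The two redirect ACL layouts proposed in this thread, modeled as an added example (not code from any poster or from Cisco) so you can check which destinations would hit the onboarding portal before changing the WLC. It assumes first-match evaluation and, as in the accepted answer, that a deny entry triggers the redirect; the RFC 1918 internal ranges and the sample destination addresses are constructed placeholders.

```python
import ipaddress

# Each rule is (action, destination network). As used in this thread,
# "deny" sends the client to the portal and "permit" bypasses redirection.
# Layout from the accepted answer: redirect only the test address.
TEST_ACL = [
    ("deny", "1.1.1.1/32"),
    ("permit", "0.0.0.0/0"),
]

# Layout from the last reply: redirect only internal destinations.
# Internal ranges are assumed to be RFC 1918 space; substitute your own.
INTERNAL_ONLY_ACL = [
    ("deny", "10.0.0.0/8"),
    ("deny", "172.16.0.0/12"),
    ("deny", "192.168.0.0/16"),
    ("permit", "0.0.0.0/0"),
]

def evaluate(acl, dst):
    """Return 'redirect' or 'bypass' for destination IP dst (first match wins)."""
    addr = ipaddress.ip_address(dst)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return "redirect" if action == "deny" else "bypass"
    # No rule matched: treated as an implicit deny (assumption), so redirect.
    return "redirect"

def uncovered_redirects(acl, must_redirect):
    """Destinations that are expected to hit the portal but would bypass it."""
    return [d for d in must_redirect if evaluate(acl, d) != "redirect"]

if __name__ == "__main__":
    # Constructed sample destinations: a documentation-range address standing in
    # for an app store server, the test address, and an internal server.
    samples = ["203.0.113.10", "1.1.1.1", "10.20.30.40"]
    for name, acl in (("test", TEST_ACL), ("internal-only", INTERNAL_ONLY_ACL)):
        for dst in samples:
            print(f"{name:14} {dst:14} -> {evaluate(acl, dst)}")
    # With the test ACL, internal resources stay reachable before onboarding.
    print("test ACL gaps:", uncovered_redirects(TEST_ACL, ["1.1.1.1", "10.20.30.40"]))
```
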
