
ISE + Selfregistering

andreas
Level 1

Hi,

I have a wireless network with PEAP authentication and some VIP users on the network. Now I want to "pimp" that SSID with a self-service and want to make use of the My Devices Portal if this is possible.

1. User gets permission to access the wireless network by entering his AD credentials

2. User opens a web browser and gets redirected to an ISE portal

3. User logs in with his AD credentials

4. User adds the prefilled (!!!) MAC address to his device list

5. User accepts the AUP

6. User has access to internet

7. User can access the MyDevices Portal and is able to mark his previously registered device as lost.

1st question: Is this possible?

2nd question: The portal under 2, is this the default guest portal or is this the MyDevices Portal?

3rd question: Under 4, it is really important that the mac address is prefilled. Is this possible?

Authentication and Authorization seem to work. But I don't know how to configure the authorization profile under Policy / Results and how to configure the portal.

So, question number 4: How to configure this :-)

Kind regards, Andreas

14 Replies

Marcin Latosiewicz
Cisco Employee

Andreas,

I've done something similar with an open SSID recently (ISE 1.1.1.245).

Before we start with details, some considerations:

- Device registration portal (DRW) WILL prefill the MAC address but not allow it to be managed from mydevices.

- Self provisioning flow within CWA might actually work for you since you're using a secure SSID. Might, I have not tested this myself but potentially you could push same profile.

- CWA + a separate redirection to supplicant provisioning did allow it to work for me.

So, IMHO

1) Yes

2) That would be CWA portal not /mydevices (with customization as needed).

3) Check above for options.

Example authorization from my lab (open SSID!)

What I would suggest is to get in touch with your SE; ISE TMEs have most of the examples like this covered and tested.

HTH,

M.

Hi Marcin,

thanks for your fast answer.

But how do I manage my devices and mark them as lost in your scenario if not possible via myDevices portal?

I don't want to do any client provisioning.

That's part of what I'm saying, you can do provisioning without actual provisioning. But you do have to use supplicant provisioning to have a device registered under your name and the MAC address pre-populated.

Confusing I know, we're trying to influence the business unit to change this into something more ... intuitive.

How disappointing. I am far away from a solution now :-/ Supplicant Provisioning is, from my point of view, not very user friendly if you do not use TLS and if you want to support a wide range of endpoints, especially Android or BlackBerry.

Thanks for your help.

Hi all,

I am trying to accomplish the same thing as Andreas. I want the user to register the device with a prefilled MAC, adding the MAC to the RegisteredDevices Group. Apparently this is only possible using "supplicant provisioning"?

Is it possible to skip the actual provisioning, and just allow access after device registration? When trying to accomplish this, I cannot register the MAC... on the device registration page I get the message that no policy is configured or similar (in German).

Anybody have any idea on how I can do this? I simply want the guest to sign into the web portal (working), register the device with a prefilled MAC, and get access straight afterwards. I do not want to push any policies/profiles etc. to the client.

Thanks in advance!

Did you allow flows which do not match provisioning rules?

"Native Supplicant Provisioning Policy Unavailable:"

Thanks, just stumbled upon that myself 

After several contacts and lab sessions with our partner I can tell you: it is NOT possible (tested with 1.1.4).

What you can do:

Login to the myDevice Portal

Register your Device manually with its MAC address

Connect to the (i.e. internet) SSID with your Device. If registered previously you have access to (i.e.) internet, if not...then not :-)

There is NO automatic AUP and NO prefilled MAC in this solution :-(

Provisioning is nice for your company devices but not if you want to grant internet access for a lot of 3rd party devices.

I am still trying to find a perfect solution, but what I have accomplished by now, is:

1. Sponsor creates guest account

2. Guest user connects to open Guest SSID

3. Guest user gets redirected to WebAuth portal, where he/she enters credentials

4. After login, Guest user gets redirected once again to device registration, where the MAC gets prepopulated, and the Guest can register his device.

5. After device registration, guest user gets internet access.

At the moment I am stuck at step 5, but I am sure it's just an authorization policy issue.

Do you have an AUP in your process? When you have fixed step 5 please come back and report :-)

In Step 4, this is not the myDevices Portal where the MAC gets prepopulated, right?

Yes, AUP displayed at Step 3. At the moment I am using the internal AUP, but will be customizing later on. Will keep you posted on my progress. And no, it's not the mydevices portal.

It looks to me as if the Device Registration Portal is not meant to be used in combination with Guest access. Once I register my device, the guest session seems to end, and I get prompted to reauthenticate.

Is there a way to automatically add a guest device to a specific endpoint group, when the guest logs in for the first time? This would help me a great deal!