cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3920
Views
0
Helpful
6
Replies

ISE Using my device Portal , devices still in pending registration status

mmunozrosas
Level 1
Level 1

Abstract:
I'm on ISE 1.2 patch 8.
We want give access wireless to devices mobile using 802.1x with Active Directory. The condition is that he previously the user must register mobile device in "my device portal"


-The corporate user connected from the LAN network,   login in "my device portal"  using their active directory account and register your device.
-The policy defined in ISE indicates that 802.1x users in a group of AD and over condition "RegistredDevices" can access to the network (see screen 1)


-Users access the wireless network from your mobile device by entering its name from AD and finally accesses the network.
-From my "devices portal" devices always shows “Pending” status. All works as expected except for this situation.



Can you please help?

Regards,

Marco Muñoz

6 Replies 6

Saurav Lodh
Level 7
Level 7

Have you tried selecting and deleting the endpoints from ISE's endpoint database? Delete them and reregister

does not work, still in pending status.

 

 

It looks like you dont have any provisioning profiles configured.

Under Admin settings make sure client provisioning is enabled. Try to set native supplicant provisioning policy unavailable: to Allow Network Access. 

nspasov
Cisco Employee
Cisco Employee

I had seen this before and it was due to a bug. What version and patch are you running ?

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!

tony.sangha
Level 1
Level 1

I am also seeing the same issue, we are running version 1.2.1 with patch 1 (latest).

Please see below of my Endpoints output from ISE.

Any ideas?

mbilgrav
Level 3
Level 3

I use ISE 1.3 and experience the same - did you ever get this sorted out ?

 

 

What I am trying to do, is to make a portal where super-users can add MAC adresse, which the in turns are allowed on the LAN.
Devices like printers, and other devices not running dot1x supplicants, and are not profilled.
I have noticed the new device portals, in the ISE 1.3 and also the auto-purge function. I kinda like it and want to use these features to support MAB devices via MAC Address Bypass, managed by super-user (AD integrated login)
But I need to fully understand the flow.


When I add a MAC via the mydeviceportal, it says the state i "pending"
When will a device registered via device portals, go to state "registered" ?
and hence stay in the InternalIdentityStore

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/mydevices/b_mydevices_13.html