10-30-2017 10:08 AM
Hello,
I have been tasked with implementing a CWA with BYOD. Everything is almost working as expected except for BYOD on Android. I can connect and initiate the BYOD portal on the device, but when I get to the last section to download the Cisco Network Setup Assistant I have issues. I have opened up access to play.google.com, but when I click to download the tool, it spins for a few seconds than just connects me to the network. When I looked at registered devices, it shows my phone connected with no certificate.
My ISE Version is 2.3. My Native Supplicant Profile has the guest SSID selected and is set to use a certificate template issued by the internal CA. No proxy is configured.
That resource is then the result of the Client Provisioning Policy rule set.
which is then called in the policy set for any devices running the Android OS.
So, I am just trying to figure out why the CNSA is not installing and applying the cert to the device.
Solved! Go to Solution.
11-03-2017 11:36 AM
that doesn't explain why you're just being granted access, that's another issue like an incorrect policy or default setting, what did they have to say about that?
If you want to make it simple you can just allow all internet and only redirect on internal sites.
Or ask the user to download the app before they try to onboard.
11-02-2017 11:07 AM
You may be missing DNS entries please see link below for guidance.
Using DNS-Based ACL for Chromebooks and Android DevicesUsing DNS-Based ACL for Chromebooks and Android DevicesUsing DNS-Based ACL for Chromebooks and Android Devices
Danny
11-03-2017 11:31 AM
Thanks for the reply Danny. I just got off the phone with TAC and they had the same answer. With google being so dynamic the only real solution is to keep up with all of their DNS entries.
11-03-2017 11:36 AM
that doesn't explain why you're just being granted access, that's another issue like an incorrect policy or default setting, what did they have to say about that?
If you want to make it simple you can just allow all internet and only redirect on internal sites.
Or ask the user to download the app before they try to onboard.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide