cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3176
Views
0
Helpful
3
Replies

NSP issue in ISE BYOD scenario

ciscoworlds
Enthusiast
Enthusiast

Hi all;

Happy holidays and upcoming new year. I'm practicing BYOD and trying to use NSP (Native Supplicant Provisioning) for a lab pc (win7 PC). After connecting to the SSID, I'm redirected to BYOD portal which wants me accept AUP and add a name and description for device registration. Cisco Network Assistant downloaded onto PC and I ran it. It started but after a while, it failed showing "Cisco secure access configuration for the TE-LIMIT network failed" message. I opened "%temp%\spwProfileLog.txt"file to see installation logs. It said that it couldn't install the certificate thus ending the wizard. I think it would be good to mention ISE configuration for more clarity:

 

  • I have a separate internal CA in my network and ISE obtained a certificate from that CA; so I am connected to the ISE securely from my management PC (not the PC which is being used on the lab).ise3.jpg

 

 

  • I created a native supplicant profile "TISE-NSP"as shown below and I edited SSID to be the same as my test SSID which is used by lab pc. The certificate temple configuration is pasted too:ise4.jpg

 

 

 

ise1.jpg

 

 

  • I used default authorization policies: ise2.jpg

 

 

  • and at the end, I created a wireless profile manually on my Win 7 lab pc withthese properties:  SSID: TE-LIMIT;; Security Type: WSA2-Enterprise;; PEAP with disabled "Validate Server Certificate" option;; Authentication mode: Only user authentication. 
  • ISE and lab PC are both members of internal domain (xinmix.local).
  • My lab pc has access to the ISE and I can ping ISE IP address throughout the lab while I'm connected with SSID "TE-LIMIT". There is no firewall between ISE and lab PC. I just route traffic between them by a Cisco router. 
3 Replies 3

I’m having the same problem on Wired BYOD dot1x ISE. Anyone have any suggestions?

 

I am having same issue on Wired BYOD scenario.anyone know fix ?

 

Thanks

ciscoworlds
Enthusiast
Enthusiast

Isn't there anyone who has an idea or resolution about this issue?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers