Skip AnyConnect on some SSIDs.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2022 11:56 AM
So, the Client Provisioning Policy is set to apply AnyConnect to windows based PCs. How can I skip this for say BYOD or Guest SSID?
I can use Normalized Radius SSID contains BYOD in rules, but it doesn't exist in the provisioning section.
- Labels:
-
Identity Services Engine (ISE)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2022 12:16 PM - edited 10-12-2022 12:17 PM
Make sure your authz policies aren't redirecting to the Client Provisioning Portal for clients you don't want to provision. If I am understanding your question correctly?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2022 12:51 PM
Well, we were testing BYOD and an Apple iPad was prompting to install software. We don't require software so I was able to disable the provisioning policy to stop it, but we do require AnyConnect for PC's, but I don't want it to prompt to install on BYOD.
I still need to do some testing as the PCs I have already have AnyConnect, but want to make sure it doesn't think it's needed for BYOD/Guest.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2022 01:20 PM
Well it depends on your policies. Are you checking for posture or redirecting on all of your policies? Is this a single SSID? Why not do a "corporate" SSID that requires Posture and then a different SSID (BYOD) that doesn't?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-12-2022 02:59 PM
yeah, separate SSIDs. Not sure why the Apple device triggered for an install as it's not set for posture at all, so wanted to make sure windows didn't trigger on BYOD.
