Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
993
Views
0
Helpful
5
Replies

Status cannot be changed from mydevices portal on secondary PAN

Go to solution
masyamad
Cisco Employee
Cisco Employee

‎10-02-2018 06:46 PM

Hi dev team,

 

I tested MyDevice portal in 2 node deployment and found an interesting behavior.

I'm not sure it's expected or incorrect behavior. Could you comment on this?

 

When I modify device from primary PAN, both description and status can be changed.

ex) add description and change the status to "Lost"

無題.png 

* Attached xlsx shows full test procedure. Please also refer it.

 But when I did similar modification on secondary PAN, only description was updated.

 

無題.png

 

Because it's secondary PAN, the result of status might be expected. (i.e. secondary PAN provides readonly access to registered MAC addresses).

But modification of description is still availabe even on secondary. So I'm not sure what the real expected behavior of mydevices portal is. Coud you confirm  about it?

Preview file
403 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Nidhi

‎10-03-2018 05:37 AM

My devices and all end user facing portals run on all the policy service nodes. To access it you would either use the portal test url or the easy url fqdn created under portal settings

When using the portal test url you would need to change the IP address in the string to access other PSNs as it only uses the first psn in the registered node list

To test using the fqdn you would need to add remove each psn node to dns respectively

Keep in mind that my devices should only point to a few PSNs max for redundancy in your ha scale design

The behavior you’re listing doesn’t seem correct. Would recommend working through tac to debug as the community is not meant for break fix determination

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Nidhi
Cisco Employee
Cisco Employee

‎10-02-2018 11:33 PM

Can you access My devices link from Secondary PAN ? You can only view limited options. 

Also, when you click on My devices portal from the PAN, the connection is to the PSN. you can check the address bar to confirm this.

Can you send me screenshot of your deployment page and the screenshot of your secondary PAN UI ? 

 

Thanks,

Nidhi

 

 

0 Helpful

Go to solution
masyamad
Cisco Employee
Cisco Employee
In response to Nidhi

‎10-03-2018 02:08 AM - edited ‎10-03-2018 02:10 AM

Hi Nidhi,

It's not BYOD but mydevices portal issue. In my understanding, the portal will be accessed by not administrator but BYOD users. So it's accessed not from PAN GUI but accessed directly from web browser with a URL like https://mydevicestest01.testcert.com/ (or https://mydevicestest02.testcert.com/ for secondary ISE) which is definied in FQDN in mydevice portal setting page.

The snapshot of configuration page.

無題.png

 

I don't believe it's related to PAN GUI...Do I miss something?

 

> Can you send me screenshot of your deployment page and the screenshot of your secondary PAN UI ? 

Yes.

 

Primary ISEdeployment_page_on_primary_ISE.png

 

Secondary ISE

deployment_page_on_secondary_ISE.png

0 Helpful

Go to solution
Nidhi
Cisco Employee
Cisco Employee
In response to masyamad

‎10-03-2018 02:28 AM

You can access it from the link - " Portal test url ' . which I thought what you did initially . 

I will test this and update you soon 

0 Helpful

Go to solution
Jason Kunst
Cisco Employee
Cisco Employee
In response to Nidhi

‎10-03-2018 05:37 AM

My devices and all end user facing portals run on all the policy service nodes. To access it you would either use the portal test url or the easy url fqdn created under portal settings

When using the portal test url you would need to change the IP address in the string to access other PSNs as it only uses the first psn in the registered node list

To test using the fqdn you would need to add remove each psn node to dns respectively

Keep in mind that my devices should only point to a few PSNs max for redundancy in your ha scale design

The behavior you’re listing doesn’t seem correct. Would recommend working through tac to debug as the community is not meant for break fix determination
0 Helpful

Go to solution
masyamad
Cisco Employee
Cisco Employee
In response to Jason Kunst

‎10-03-2018 04:19 PM

Thanks for the confirmation. Unlike sponsor portal, I could not find expected behavior of mydevices portal on secondary node so would like to know if it's expected or incorrect behavior.

* Admin guides explains about "New Guest (Sponsored or Self-registered) " or "guest password change" but doesn't mention about "new device" or "device status change".
https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter_011.html#ID59

I understand it's incorrect behavior, will contact sustaining team for fixing.
0 Helpful
Customers Also Viewed These Support Documents