cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2486
Views
0
Helpful
7
Replies
Beginner

android device can not auth by ISE byod single ssid with wism code 7.0.220

HI

    I want  Implementing  Byod solution to

  wism(1)   with code 7.0.220 + ISE 1.1.4

   I setup with http://www.cisco.com/en/US/solutions/collateral/ns340/ns414/ns742/ns744/docs/howto_61_byod_provisioning.pdf

   because 7.0.220 dont support Open + MAC Filtering + radius NAC  for dual ssid

   therefore it's only support single ssid solution...

     It's work with iphone and ipad and win7

   but android fail 

   android alway show cant not detec ISE server

   android spw.log  just log can not detect ISE only

   with wireshark see android send few packet to it's default(android's) gateway port:80 and enroll.cisco.com :80

    seems wism did not redirect the packet to ISE....??

does any one sucess on single ssid on wism(7.0.220) with android ??

Everyone's tags (4)
7 REPLIES 7
Advocate

Re: android device can not auth by ISE byod single ssid with wi

Hi,

You need to allow tcp 8905 in your acl.

Sent from Cisco Technical Support iPad App

Tarik Admani
*Please rate helpful posts*
Highlighted
Beginner

Re: android device can not auth by ISE byod single ssid with wi

HI

  It's my ACL add permit 8905

   1.permit tcp 8905 any any

    2.permit source ip = (ISE IP) any any

    3 permit dest ip=(ISE IP) any any

    3.permit dns any any

    4.permit dhcp any any

    6.permit googleplay any any

    7. deny any any

  still not working on android!!

Beginner

android device can not auth by ISE byod single ssid with wism c

did you get this to work?  only way i could was to open port 80 to google and allow some TW IP which users are redirected to when they download the app

Advocate

android device can not auth by ISE byod single ssid with wism c

Hi,

You are better off opening all access to google. This is what is recommended by cisco as well in some of the design guides.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Beginner

android device can not auth by ISE byod single ssid with wism c

but even opening all ports to google, which i dont like i wasnt able to get this to work.  so i did a packet capture and found googleplay didnt have the wifi supplicant and users were getting redirect to 206.169.145.209.  so i had to open access to that.  after playing with my ACL i found i only had to open http and https to google, which still isnt a solution since most people use google as their default search engine and will only be redirected to the device registration page when they try to browse to something outside of google. you said that cisco has guides that say you need to open all access to google, do you have a link?  the guides i found didnt mention that but mentioned other ports that i found are not required.

Advocate

android device can not auth by ISE byod single ssid with wism c

Hi,

I will try searching for the guides and the ports that are in the guide are not accurate much like you referenced. This was brought up while I was at a partner event at Cisco. If this is a problem with your customer as it is with mine, I create a playbook for onboarding android users and explicity explain that users must reach out to yahoo.com to trigger the redirection scenario.

Much like you found with your packet capture the ports highlighted in the current guides are not accurate to allow sufficient access to the google playstore and most communication is done over 80 and 443.

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Beginner

android device can not auth by ISE byod single ssid with wism c

Hi

It's work download app only..

I allow any any to google ip (74.125.x.x) ( which ping play.google.com from my isp dns)

I can download app and install it

but  most important is fail

EXEC cisco network assistant

it's always show can not detect ISE server..

~~

WLC 4400 or WISM not support single ssid for android