cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1001
Views
15
Helpful
7
Replies

BYOD Onboarding without SCEP

ahurtadove
Level 1
Level 1

Hi community,

 

I was asking myself, can I configure single SSID BYOD Onboarding without SCEP? I'm in this position where I want the users to connect and register their own devices using MSCHAP as inner method but I don't want to provide certificates with SCEP as this is a platform I don't have access to.

It might be losing the whole purpose of BYOD but I just need users to register and de-register their own devices taking the MAC Address administration burden out of IT.

 

Thanks in advance

1 Accepted Solution

Accepted Solutions

waynesymes
Level 1
Level 1

Hi Antonio,

ISE does support BYOD with EAP-PEAPv0 MSCHAPv2 or EAP-TLS profiles. You can build a supplicant provisioning profile to do only PEAP for the supported platforms (Windows, Android, MacOSX and iOS).

 

View solution in original post

7 Replies 7

waynesymes
Level 1
Level 1

Hi Antonio,

ISE does support BYOD with EAP-PEAPv0 MSCHAPv2 or EAP-TLS profiles. You can build a supplicant provisioning profile to do only PEAP for the supported platforms (Windows, Android, MacOSX and iOS).

 

Thank you Wayne, I will definitely try it out during this week.

Regards

No access to the blog post, is it just me?

Is it possible to post the pdf?

Cheers

Can't access either

Check it out now

Indeed it worked.

I even took out the whole Google Play procedure by going into Administration -> Settings -> CLient provisioning (left side pane) and changed "Native Supplicant Provisioning Policy Unavailable" to "Allow Network Access"

Didn't know this was possible.

Thank you

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: