Guys, when i sent down a profile using native suplicant for iphone, iphone gets it but it does not automatically selects TLS on the SSID.
Here is what happens:
Iphone connects to BOYD-SSID
client provision process
** if Auto-Login is selected problem with self registration!!!!!!!!
bunch of security errors, profile is downloaded
iphone reconnects to BOYD_SSID with credentials initilly entered (therfor MSCHAPv) not TLS
in client provisining cycle.
go back to BYOD-SSID and "forget the network", reconnect again, and manually selecting TLS and using the profile previously downloaded, and everything works!!!!
Too many freaking steps for BYOD!!!! I can't have my client tell his employees to do that.
I have not had the problems you are discussing, what version of code are you running and I assume you are using the single-ssid method? In my experience I have seen where the new profile over-writes the old peap profile and after COA hits the client then uses eap-tls to connect.
Can you provide screenshots of the experiences you are having?
*Please rate helpful posts*
I can get this info to you later on tonight or tomorrow morning.
Maybe i have a problem with CoA???
Do you need version of ISE and Ipad?
I have the same problem for iOS devices.
With the same configuration i have problems with Iphone 6 version 9.0.1 but not with iphone 4
So the problem seems not to be in CoA but in iOS process.
With Iphone 6 i need to " forgot the network" and then specified TLS configuration and choose username authentication + certificate that will be used for this username.
It would be helpful to see screenshots of your authorization policies, and the authentications dashboard. Also some information regarding your wireless setup.
Sent from Cisco Technical Support Android App
i got it to work!!!
I have a problem with ANdroid connecting to google play... I am using BYOD SSID connected via FLEXCONNECT, and my ACL does not allow google play no matter where i allow that traffic.
Can you point me into right direction where to modify ACL to allow google play during provisioning process.
Do you have the contents of the acl? Also where are you applying this acl? I have had challenges in deploying flexconnect with ISE but lets see how the client entry looks and what state the client is in when you hand down the provisioning acl from ISE.
Sent from Cisco Technical Support iPad App
Please find the link information all the configuration for client provisioning.
This has been reportedly fixed, as stated in the following link here.
My question is, what is the fix? Is it a workaround or is the client provisioning as simple as it used to be?