cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2952
Views
0
Helpful
14
Replies
Highlighted
Enthusiast

ISE , BYOD iphone issue!! client provisioning

Guys, when i sent down a profile using native suplicant for iphone, iphone gets it but it does not automatically selects TLS on the SSID.

Here is what happens:

Iphone connects to BOYD-SSID

credentials enter

client provision process

** if Auto-Login is selected problem with self registration!!!!!!!!

bunch of security errors, profile is downloaded

iphone reconnects to BOYD_SSID with credentials initilly entered (therfor MSCHAPv) not TLS

in client provisining cycle.

NOW!!!!

go back to BYOD-SSID and "forget the network", reconnect again, and manually selecting TLS and using the profile previously downloaded, and everything works!!!!

Too many freaking steps for BYOD!!!! I can't have my client tell his employees to do that.

ANy ideas.....

CCIE 18676
14 REPLIES 14
Advocate

ISE , BYOD iphone issue!! client provisioning

Marcin,

I have not had the problems you are discussing, what version of code are you running and I assume you are using the single-ssid method? In my experience I have seen where the new profile over-writes the old peap profile and after COA hits the client then uses eap-tls to connect.

Can you provide screenshots of the experiences you are having?

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik Admani
*Please rate helpful posts*
Enthusiast

ISE , BYOD iphone issue!! client provisioning

I can get this info to you later on tonight or tomorrow morning.

Maybe i have a problem with CoA???

Do you need version of ISE and Ipad?

CCIE 18676
Beginner

Hi All,

Hi All,

I have the same problem for iOS devices.

With the same configuration i have problems with Iphone 6 version 9.0.1 but not with iphone 4

So the problem seems not to be in CoA but in iOS process.

With Iphone 6 i need to " forgot the network" and then specified TLS configuration and choose username authentication + certificate that will be used for this username.

regards

Advocate

Re:ISE , BYOD iphone issue!! client provisioning

It would be helpful to see screenshots of your authorization policies, and the authentications dashboard. Also some information regarding your wireless setup.


Sent from Cisco Technical Support Android App

Tarik Admani
*Please rate helpful posts*
Enthusiast

ISE , BYOD iphone issue!! client provisioning

i got it to work!!!

I have a problem with ANdroid connecting to google play... I am using BYOD SSID connected via FLEXCONNECT, and my ACL does not allow google play no matter where i allow that traffic.

Can you point me into right direction where to modify ACL to allow google play during provisioning process.

CCIE 18676
Advocate

Re: ISE , BYOD iphone issue!! client provisioning

Hi,

Do you have the contents of the acl? Also where are you applying this acl? I have had challenges in deploying flexconnect with ISE but lets see how the client entry looks and what state the client is in when you hand down the provisioning acl from ISE.

Thanks,

Sent from Cisco Technical Support iPad App

Tarik Admani
*Please rate helpful posts*
Enthusiast

ISE , BYOD iphone issue!! client provisioning

I applied to the FLEXCONNECT WEB POLICY as it says in the PDF.

CCIE 18676
Beginner

What did you do to fix the

What did you do to fix the problem with Auto-Login. I have the same problem!

Beginner

This one fixed my problem:

Enthusiast

Re: ISE , BYOD iphone issue!! client provisioning

           

           in this state using flex connect i need to go to google play.. and it does not work

CCIE 18676
Participant

ISE , BYOD iphone issue!! client provisioning

Please find the link information all the configuration for client provisioning.

http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_client_prov.html

hi one o four client having

hi one o four client having registration problem we have registered the client mac but every day its promoting to registration please help me 

 

screen shot attached....

 

the iphone model is 5c and latest ios version

Beginner

Hi All,

Hi All,

I have the same problem for iOS devices.

With the same configuration i have problems with Iphone 6 version 9.0.1 but not with iphone 4

So the problem seems not to be in CoA but in iOS process.

With Iphone 6 i need to " forgot the network" and then specified TLS configuration and choose username authentication + certificate that will be used for this username.

Impossible to explain to our customer.

regards

Beginner

Re: ISE , BYOD iphone issue!! client provisioning

This has been reportedly fixed, as stated in the following link here.

 

My question is, what is the fix? Is it a workaround or is the client provisioning as simple as it used to be?