This document explains support for the Apple mini-browser for use in BYOD/Guest Flows using ISE 2.2. ISE has official support for Apple iOS and macOS to use with Guest and BYOD in ISE 2.2 and later. Some of these examples talk about using DNS based ACLs with your REDIRECT_ACL so be sure you WLC supports this.
CSCuv74219CSCus61445 - DNS-based ACL does not work. The bug is fixed 18.104.22.168 and 22.214.171.124 (check other versions as well)
If you want to have seamless flow for guests using mini-browser along with BYOD on the same controller then you can use one of the following options:
8.4 code will allow per WLAN captive portal bypass, see below
Dual SSID flow (open network for guests and employee BYOD), allows open network with mini-browser for guest/byod and then suppressed mini-browser in the BYOD flow
Single SSID BYOD - Use DNS based ACLs for the ACL_BYOD_REDIRECT and add URL captive.apple.com, ACL_GUEST_REDIRECT will redirect everything except for
8.4+ WLC code
You can have Open Guest network with no suppression (captive portal bypass disabled) of mini-browser and Single SSID network for BYOD suppressing (captive portal bypass enabled) the mini-browser.
Since we now support the mini-browser with ISE 2.2 there is no need to enable captive portal bypass on the controller. The client connects to the guest network and the mini-browser will pop and auto-login.
For single SSID there is no change in the behavior as the client is directed to go through the flow once and understand they must launch the browser. You will want to enable captive portal bypass per the options above or use DNS
Spoiler (Highlight to read)Hello everyone!I would like to know if OpenDNS can block command and control from a ransomware atack as Umbrella.Thanks!Hello everyone!I would like to know if OpenDNS can block command and control from a ransomware atack as Umbr...
I was on the fence if this should go in to the ISE category or WSA, but because it's platform specific to the WSA I settled on here.
I wondering what is the maximum number of IP-SGT bindings the WSA platforms can support. I have a customer that has an exi...
So I bought a 5506-X for my home to practice with a lot of equipment like a 3560-8pc, WLC2504 and 2 2702 access points. It's a huge project for a starter but I already hit a bump in the road. I got my ISP to bridge the cable modem so I can receive th...
Hi all, fairly new to Cisco and on an ISR4431 there is an aaa group named flex_aaa and i cannot find the correct command to see what users are in here and also to add a user to that specific group ? anyone point me in the right direction ?Thanks...