
ISE Apple iOS BYOD Flow

Cisco Employee


3 Comments

I have several comments.

 

The first thing I noticed is that your HTTPS request was redirected to the BYOD portal. I had opened a TAC case and troubleshot several times to get that to work, but never was successful. On another note, both TAC and Documentation say that redirecting HTTPS traffic is not recommended on the WLC. Is this still the case? And is there a guide/document that explains how to set up the WLC to allow this to happen (Foreign/Anchor)?

 

Secondly, my BYOD workflow does not require the installation of a cert. As long as they authenticate successfully (via SAML), we allow users to onboard devices. This being said, it would be nice to get the Captive Portal to work instead of having Apple users open Safari (different from Android/Windows; for these devices, traffic auto-redirects once the device jumps on the open network). Are there any workarounds/fixes to allow the same behavior as GuestNet Portals? Our GuestNet Portal works with Captive but BYOD doesn't. It would be nice if the end user could experience the same behavior no matter the device software/model.

 

Thanks,

Rey 

Cisco Employee

It was not an HTTPS redirect; if you watch, the initial URL I used was apple.com, which used to be a non-secure site back in 2017.

I have an AireOS config guide that covers the auto anchor setup in the appendix: https://community.cisco.com/t5/security-documents/aireos-wlc-configuration-for-ise/ta-p/3918970#toc-hId--886952992

There is an ISE 2.1 feature where you can start with Apple CNA: https://community.cisco.com/t5/security-documents/dual-ssid-byod-with-apple-captive-network-assistant-cna-browser/ta-p/3642663


@howon Thanks for the speedy reply. That makes sense now (HTTP redirect). Thanks for the documentation; unfortunately, we have a single SSID flow.
