ACL redirect BYOD single SSID Android Google Play

Hello everyone, as indicated, I have an SSID dedicated to Android 8-13 phones, allowing internal users to use their personal phones.

Currently they connect to the SSID by providing an Active Directory identifier. If the authentication is successful, they are redirected by my WLC 9800 to a captive guest portal allowing them to enter their identifier and password. If the authentication is successful, they are now redirected to the BYOD interface with a link to Google Play. Except that in my controller I have an ACL redirect with popup and authorize URL in the flex, which is called googleplay-acl, which I call in the policy in cisco av-pair in addition to the ACL which serves as redirection.

Except that when users click on the link, the NSA file does not download and I do not see any traffic going out on my firewall.

What should I do so that my ISE 3.x and my WLC 9800 allow, with a single SSID, downloading on the net for Google Play and for the Apple store?

I'm lost and no procedure is clear either on YouTube or in the official documents.

I would like not to have to use the certification authority of the ISE but that of my PKI.

Moreover, the ISE already uses a certificate for all the services coming from my PKI, which is based on two servers, a root CA and a sub CA.

I even created a model certificate coming from my PKI sub which assigns automatic enroll when an IP is assigned, with the possibility of giving the choice of free subject name.

Provisioning uses the correct pattern for the SSID for Android, iPhone and Windows.

For Windows I have an error when I download the NSA indicating that it does not contact the ISE and that I have to try to disconnect from the SSID and reconnect.

For Android this never goes to Google Play despite the exceptions which are put in the pre-auth URLs and which are used in the flex and in the profile on the WLC 9800 Wi-Fi controller and in the ISE.

For Apple it's worse: I get the message nothing happens and I don't go through the step which asks me to give a name to my device, etc.

For Android I still get to the next step.

I'm sure the ACL has something to do with it but I have no choice if I want a pop-up and a direct redirection.

Except that after, no internet exit and redirection to my device and certificate generated.

What should I do so that the certificates are generated only by my PKI and not by ISE? Thank you very much.


