
MDM in BYOD setup

vijay kumar
Level 2

Hi all,

We are going to configure BYOD for wireless in our lab. We have the components WLC, ISE, AP, switch and router. Our requirements are:

1) Corporate laptop security check (some firewall updates are up to date, like that) through NAC agent with ISE.

2) Guest laptops with normal guest internet without any checking.

3) Corporate mobile devices (Android, BlackBerry, Apple phones) allowed to access the BYOD WLAN, but Android devices are not allowed.

We are not sure about how we can integrate MDM in ISE. What is the role of MDM? How do we configure MDM for the last requirement we gave?

Is any freeware MDM supported by ISE?

Thanks,

Regards,

Vijay

3 Replies

aqjaved
Level 3

Case Solution:

MDM Integration Process Flow

This section describes the MDM integration process:

1. The user associates a device to SSID.

2. (Optional) If the device is not registered, the user goes through the device on-boarding flow.

3. Cisco ISE makes an API call to the MDM server.

4. This API call returns a list of devices for this user and the posture status for the devices.

5. If the user's device is not in this list, it means the device is not registered. Cisco ISE sends an authorization request to the NAD to redirect to Cisco ISE. The user is presented the MDM server page.

6. Cisco ISE uses MDM to provision the device and presents an appropriate page for the user to register the device.

7. The user registers the device in the MDM server, and the MDM server redirects the request to Cisco ISE (through automatic redirection or manual browser refresh).

8. Cisco ISE queries the MDM server again for the posture status.

9. If the user's device is not compliant to the posture (compliance) policies configured on the MDM server, the user is notified that the device is out of compliance and must be compliant.

10. After the user's device becomes compliant, the MDM server updates the device state in its internal tables.

11. If the user refreshes the browser now, the control is transferred back to Cisco ISE.

12. Cisco ISE polls the MDM server once every four hours to get compliance information and issues Change of Authorization (CoA) appropriately.

Setting Up MDM Servers with Cisco ISE

To set up MDM servers with Cisco ISE, you must perform the following tasks:

3. Configure ACLs on the Wireless LAN Controllers.

For complete configuration, please check the below link.

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_network_devices.html#wp1209564
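
The decision flow in steps 3 to 12 of the answer above, modeled in memory as an added example; it is not part of the original post and is not Cisco ISE or MDM vendor code. The class, function and result names are hypothetical and the device data is constructed.

```python
# Added illustration of the ISE/MDM decision flow (steps 3-12 above).
# Hypothetical names throughout; no real ISE or MDM API is called.
from dataclasses import dataclass


@dataclass
class MdmRecord:
    mac: str
    compliant: bool


class FakeMdm:
    """Stand-in MDM server holding registered devices per user (constructed data)."""

    def __init__(self):
        self.devices = {}  # user -> {mac: MdmRecord}

    def register(self, user, mac, compliant):
        # Steps 7 and 10: registration, or a later compliance state update.
        self.devices.setdefault(user, {})[mac] = MdmRecord(mac, compliant)

    def query(self, user):
        # Steps 3-4: list of this user's devices with their posture status.
        return list(self.devices.get(user, {}).values())


def authorize(mdm, user, mac):
    """Map the MDM answer for one device to an authorization result."""
    record = next((d for d in mdm.query(user) if d.mac == mac), None)
    if record is None:
        return "REDIRECT_MDM_REGISTRATION"  # step 5: device not in the list
    if not record.compliant:
        return "NOTIFY_NON_COMPLIANT"       # step 9: registered, out of compliance
    return "PERMIT"


def poll_and_coa(mdm, sessions):
    """Step 12: periodic re-check (every four hours on the page).

    sessions maps (user, mac) -> last result; returns the sessions whose
    result changed, i.e. the ones that would need a CoA.
    """
    changed = []
    for (user, mac), previous in sessions.items():
        current = authorize(mdm, user, mac)
        if current != previous:
            sessions[(user, mac)] = current
            changed.append((user, mac, current))
    return changed
```

The poll returns only sessions whose result changed, which is the point at which a CoA would be issued; unchanged sessions are left alone.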

Thanks a lot aqeel for the detailed steps... But can you please tell me any MDM server that I can use for a trial period?

Thanks,

Regards,

Vijay.

Abha Jha
Cisco Employee

MDM and BYOD are the new features supported on ISE 1.2.

Please find the link to integrate MDM to ISE:

http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_MDM_Int.pdf
