collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: About ISE 1.3 (SEC0190) Dual SSID onboarding  (Read 8716 times)

Offline tomimma

  • Cisco Newbie
  • *
  • Posts: 11
  • Reputation: 0
  • Certification: CCIE
About ISE 1.3 (SEC0190) Dual SSID onboarding
« on: March 03, 2015, 10:22:18 AM »
Hi
During configuration, "Centralized Web Auth" is selected under Web Redirection in AuthZ profile setting.
For single SSID onboarding, "Native Supplicant Provisioning" was selected. So, I am a bit confused. Is there any particular reason to choose "CWA" instead of "Native Supplicant Provisioning"? Or this has to be "CWA"?
My guess is it would work with "Native Supplicant Provisioning" and define this portal under "administration" -> "Device Portal Management" -> BYOD portal.
If so, what would be the benefit to use CWA?

Thanks!

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: About ISE 1.3 (SEC0190) Dual SSID onboarding
« Reply #1 on: March 04, 2015, 10:50:06 PM »
For Single SSID, you can send user directly to "Native Supplicant Provisioning" to immediately begin onboarding since the user should have already been authenticated via 802.1x. For dual-SSID, you need to send user to a web login since the SSID is open and as part of the Guest portal config have the allow employee to onboard setting configured so users are presented with an option to onboard after a successful web login. So you wouldn't really use the "Native Supplicant Provisioning" in dual-SSID.
The "administration" -> "Device Portal Management" -> BYOD portal is only for portal customization and doesn't really affect the onboarding process.

Offline tomimma

  • Cisco Newbie
  • *
  • Posts: 11
  • Reputation: 0
  • Certification: CCIE
Re: About ISE 1.3 (SEC0190) Dual SSID onboarding
« Reply #2 on: March 05, 2015, 12:08:45 AM »
Hi MC,

Very clear and thanks for detailed explanation. Now that totally makes sense!
I guess need to work a lot on ISE...  :(

Offline daynomate

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: CCNP
Re: About ISE 1.3 (SEC0190) Dual SSID onboarding
« Reply #3 on: June 11, 2015, 09:15:48 PM »
Hi MC, firstly thanks so much for your fantastic detailed videos. I've been able to sort out my Guest and BYOD very nicely.

The Native vs CWA redirect is something I came across because I am not using an open SSID for Guest or provisioning.

I have two SSIDs: Guest and BYOD but both are 802.1X. On ISE AuthC i only allow PEAP-MSCHAPv2 for Guest and it looks up either the Internal Guest DB or AD. If it's an AD user I redirect it to BYOD and when they're provisioned they go to the BYOD SSID which allows EAP-TLS only. Perhaps it's overboard - I could potentially do it on one SSID but later on I might want to have them on different VLANs

My big question - is it possible to have a Native redirect for Guest? In the portal list it only gives options for the BYOD portals, not Guest but in my case it would be very handy. Without that I am faced with either allowing the Guests directly on once they've auth'd with PEAP, or make them login a second time if I wanted them to get the Portal interface (AUP acceptance, password change etc)

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 398
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: About ISE 1.3 (SEC0190) Dual SSID onboarding
« Reply #4 on: June 16, 2015, 09:08:07 PM »
What you can try is after a successful guest authentication via 802.1x/PEAP, redirect them to a Hostspot portal, instead of a Sponsored Guest, so all they need to do is clicking to accept AUP and gain access. Would that work?

 

Related Topics

  Subject / Started by Replies Last post
1 Replies
8200 Views
Last post September 03, 2013, 08:27:27 PM
by MC
1 Replies
9489 Views
Last post March 17, 2014, 09:55:04 PM
by MC
2 Replies
7912 Views
Last post May 29, 2014, 12:37:28 AM
by abhisheksha
10 Replies
13043 Views
Last post January 05, 2016, 10:26:35 PM
by MC
0 Replies
7840 Views
Last post January 31, 2018, 02:16:19 PM
by tomimma

SimplePortal 2.3.7 © 2008-2024, SimplePortal