Ise 1.2 Device Registration not auto filling the MAC field
I have installed 1.2 and when guests login, they get the new (not improved imo) device registration portal, but the field where they have to enter the MAC adress is empty, I can remember it was prefilled in previous ISE versions.
Is this normal beheavior on 1.2? I have configured calling station ID on MAC instead of IP, any other things that I need to configure to get this working?
90% of the users doesnt know what a MAC adress is, or where to find it.
We have the same problem with CWA+DRW (Device Registration Webauth). We don't use NSP. Just the scenario describen in the Cisco slides.
Problem 1: MAC address is not prefilled.
Problem 2: After entering the MAC address manually the registration is successful but the client does not access any websites until it reconnects to the SSID. The slides clearly state that a CoA should happen after DRW but we do not see it happening.
A slight difference: in version 1.2 DRW happens after web authentication and it is not possible to click a Device Registration link avoiding the user/password authentication.
Peter, I am glad you like my slides (although not sure I ever published this version outside Cisco!).
Steven, It sounds like you have enabled the option in the Guest Portal to allows Device Registration. This option is intended to be used by Guest accounts only and does NOT support auto-populate of MAC address. This was a very limited feature introduced in 1.0.
This feature should not be confused with the DRW or NSP flows for device registration. For the purposes of device registration with web auth, both CWA+DRW and CWA+NSP flows are working in ISE 1.2 Patch 7. However, CWA+NSP flow will not work for guest user accounts if enable the Supplicant Provisioning option in the web portal. The intent of the NSP flow is for employee accounts doing BYOD, and not for guest users. That said, it will still work if redirect successfully authenticated guest users to NSP using the Network_Access:UseCase=Guest_Flow condition (and optional match on Guest role).
I would recommend CWA+DRW option for Guest users as it is simpler, more streamlined, and you can specify a unique Identity Group such as "GuestEndpoints" to these devices. This makes future cleanup easier and maintains them separately from employee RegisteredDevices. ISE 1.2 ERS API can be used to programmatically to delete these endpoints periodically.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :