Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ise 1.2 Device Registration not auto filling the MAC field

Hello

I have installed 1.2 and when guests login, they get the new (not improved imo) device registration portal, but the field where they have to enter the MAC adress is empty, I can remember it was prefilled in previous ISE versions.

Is this normal beheavior on 1.2? I have configured calling station ID on MAC instead of IP, any other things that I need to configure to get this working?

90% of the users doesnt know what a MAC adress is, or where to find it.

Greetings

Steven

Everyone's tags (5)
9 REPLIES
Cisco Employee

Ise 1.2 Device Registration not auto filling the MAC field

Steven,

You're most likely looking for NSP or CWA + provisioing flow (even without actual provisioning)  to pre-fill MAC field.

I did not test it out yet in 1.2 but that's the way it was in 1.1

M.

New Member

Ise 1.2 Device Registration not auto filling the MAC field

CWA + provisioing flow did not make any difference, still no MAC adress

Cisco Employee

Ise 1.2 Device Registration not auto filling the MAC field

Steven,

Pretty odd, I don't have a setup up and running at the moment, but are you possitive you have profiling enabled on this node (RADIUS,HTTP should be OK).

Else, I'll have a look next week where I'll have possibility to test, if you're in a hurry - just open a TAC case.

M.

Silver

We have the same problem with

We have the same problem with CWA+DRW (Device Registration Webauth). We don't use NSP. Just the scenario describen in the Cisco slides.

Problem 1:   MAC address is not prefilled.

Problem 2: After entering the MAC address manually the registration is successful but the  client does not access any websites until it reconnects to the SSID. The slides clearly state that a CoA should happen after DRW but we do not see it happening.

 

A slight difference: in version 1.2 DRW happens after web authentication and it is not possible to click a Device Registration link avoiding the user/password authentication.

 

 

 

 

 

Version1.2.0.899
Installed Patches7
Cisco Employee

Peter, I am glad you like my

Peter, I am glad you like my slides (although not sure I ever published this version outside Cisco!).

Steven, It sounds like you have enabled the option in the Guest Portal to allows Device Registration.  This option is intended to be used by Guest accounts only and does NOT support auto-populate of MAC address.  This was a very limited feature introduced in 1.0.

This feature should not be confused with the DRW or NSP flows for device registration.  For the purposes of device registration with web auth, both CWA+DRW and CWA+NSP flows are working in ISE 1.2 Patch 7.  However, CWA+NSP flow will not work for guest user accounts if enable the Supplicant Provisioning option in the web portal. The intent of the NSP flow is for employee accounts doing BYOD, and not for guest users.  That said, it will still work if redirect successfully authenticated guest users to NSP using the Network_Access:UseCase=Guest_Flow condition (and optional match on Guest role).

I would recommend CWA+DRW option for Guest users as it is simpler, more streamlined, and you can specify a unique Identity Group such as "GuestEndpoints" to these devices.  This makes future cleanup easier and maintains them separately from employee RegisteredDevices.  ISE 1.2 ERS API can be used to programmatically  to delete these endpoints periodically.

Hope that helps to clarify.

Cisco Employee

Ise 1.2 Device Registration not auto filling the MAC field

I would suggest you to open TAC case.

Ise 1.2 Device Registration not auto filling the MAC field

Can you check and see if cookies is enabled on the client? Which devices are experiencing this issue and what browsers are they using?

Tarik Admani
*Please rate helpful posts*

Tarik Admani *Please rate helpful posts*
New Member

Hi Tarik,I'm having this

Hi Tarik,

I'm having this exact issue.  Is there a fix available?

Environment

- ISE 1.2 patch 6

- 1X and Web Auth redirects both don't provide MAC address

- iOS7, OSX Safari / Firefox / Chrome, Windows IE / Firefox

 

Look forward to your prompt response.

A

Silver

Why do you think profiling is

Why do you think profiling is necessary for this to work?

480
Views
0
Helpful
9
Replies
CreatePlease to create content