I am building a wireless ISE solution that will service laptops (windows and OSX) via posture assessment, and mobile devices such as iphone, ipad and android.
I looking for help with the profiling of the android devices. I am using the profiler radius and HTTP probes, the radius probe appears to be sufficient for the laptops and the iphone/ipads.
HTTP has been introduced for the Androids as the radius probe wasn't receiving the user agent string from all the test android devices, for example a Samsung Galaxy S3 phone would send the user agent string and be profiled correctly, where as a Samsung Note 10.1 tablet wouldn't send the user agent string, so would be profiled as an unknown device.
I was attempting to keep it as seamless as possible for the end user. So I am not using device registrations, supplicant provisioning, etc. Obviously the posture assessment process isn't exactly semless, but once the users have downloaded the NAC client, etc, it is pretty seamless from a user interaction point of view, then on.
From the apple devices and the androids, I have an authorisation policy that says if the device is a profiled iphone/ipad/android, use CWA and guest portal, users login via AD creadentials and accept the AUP and away they go. Some of the androids ignore this policy and then match on the policy for the laptops (posture assessment). Once connected and in posture pending status, the redirection to the NAC agent page fails, but the android is then profiled correctly via the HTTP probe. If I attempt to browse again, I get redirected to the guest portal via CWA as the devices has been profiled as an Android and the user can login, accept the AUP and away they go.
I'd love to hear from people who have implemented android profiling in the production environments, and how you have done it?
I am aware that not using device registrations/supplicant provision, etc isn't exactly validated design, but for the purpose of the Android profiling, it shouldn't be relevant.
I am presently using ise 1.1.3
Huge thanks in advanced guys, any assistance is always greatly appreciated.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...