Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ISE Using my device Portal , devices still in pending registration status

Abstract:
I'm on ISE 1.2 patch 8.
We want give access wireless to devices mobile using 802.1x with Active Directory. The condition is that he previously the user must register mobile device in "my device portal"


-The corporate user connected from the LAN network,   login in "my device portal"  using their active directory account and register your device.
-The policy defined in ISE indicates that 802.1x users in a group of AD and over condition "RegistredDevices" can access to the network (see screen 1)


-Users access the wireless network from your mobile device by entering its name from AD and finally accesses the network.
-From my "devices portal" devices always shows “Pending” status. All works as expected except for this situation.



Can you please help?

Regards,

Marco Muñoz

Everyone's tags (2)
6 REPLIES

Have you tried selecting and

Have you tried selecting and deleting the endpoints from ISE's endpoint database? Delete them and reregister

New Member

does not work, still in

does not work, still in pending status.

 

 

New Member

It looks like you dont have

It looks like you dont have any provisioning profiles configured.

Under Admin settings make sure client provisioning is enabled. Try to set native supplicant provisioning policy unavailable: to Allow Network Access. 
Cisco Employee

I had seen this before and it

I had seen this before and it was due to a bug. What version and patch are you running ?

 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
New Member

I am also seeing the same

I am also seeing the same issue, we are running version 1.2.1 with patch 1 (latest).

Please see below of my Endpoints output from ISE.

Any ideas?

New Member

I use ISE 1.3 and experience

I use ISE 1.3 and experience the same - did you ever get this sorted out ?

 

 

What I am trying to do, is to make a portal where super-users can add MAC adresse, which the in turns are allowed on the LAN.
Devices like printers, and other devices not running dot1x supplicants, and are not profilled.
I have noticed the new device portals, in the ISE 1.3 and also the auto-purge function. I kinda like it and want to use these features to support MAB devices via MAC Address Bypass, managed by super-user (AD integrated login)
But I need to fully understand the flow.


When I add a MAC via the mydeviceportal, it says the state i "pending"
When will a device registered via device portals, go to state "registered" ?
and hence stay in the InternalIdentityStore

http://www.cisco.com/c/en/us/td/docs/security/ise/1-3/mydevices/b_mydevices_13.html

1198
Views
0
Helpful
6
Replies
CreatePlease to create content