07-01-2014 01:12 PM - edited 03-10-2019 09:50 PM
After the user logs into the portal and register its device I can´t seem to find a way for an auth policy to capture the data and permit the device into the network. So the flow would be MAB->CWA->Permit access if users are in identity group name "X". here is my auth policy that doesn´t work
07-01-2014 03:41 PM
I see that your authorization policy calls for a check if the device was registered. A device becomes registered either by using DRW (Device Registration Web Auth) or via the BYOD provisioning flow. Looking at your example I don't think you are using either one of those. I am guessing that if you remove that check in your condition then your authentications would be successful.
Hope this helps!
Thank you for rating helpful posts!
07-01-2014 05:18 PM
Thank you Neno,
I changed to policy to registered devices and wireless MAB and it worked but it seems too general and not that usefl security wise. It actually did was I was looking for in the registration flow, MAB then redirected to guest portal and then allowed the client to register its device then It granted access to a vlan with more priviledges.
I want to take out the self registration portal for guest users (or in this case corporate) and I did but then it goes back to the registration loop. It seems that I have not been able to catch the correct variables for the second authorization for this flow.
07-02-2014 01:07 PM
I agree that it would be nice to be able to do device registration and guest logins but that is just not there yet. I have suggested to Cisco so we can only hope that the feature makes it to ISE :)
If you are still having issues you should make the rules as simple as possible then test. If behavior is as expected then add more conditions. If you are still unable to figure it out post some screen shots from the Live Authentications window and then some screenshots from the detailed screen. Also, make sure that you don't have the "Enable Self-Provisioning Flow" enabled under the Operations tab in your HTML portal.
Thank you for rating helpful posts!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide