After the user logs into the portal and registers their device, I can't seem to find a way for an auth policy to capture the data and permit the device into the network. So the flow would be MAB->CWA->Permit access if users are in identity group name "X". Here is my auth policy that doesn't work.
I see that your authorization policy calls for a check if the device was registered. A device becomes registered either by using DRW (Device Registration Web Auth) or via the BYOD provisioning flow. Looking at your example I don't think you are using either one of those. I am guessing that if you remove that check in your condition then your authentications would be successful.
I changed the policy to registered devices and wireless MAB and it worked, but it seems too general and not that useful security-wise. It actually did what I was looking for in the registration flow: MAB, then redirected to the guest portal, and then allowed the client to register its device, then it granted access to a VLAN with more privileges.
I want to take out the self registration portal for guest users (or in this case corporate) and I did but then it goes back to the registration loop. It seems that I have not been able to catch the correct variables for the second authorization for this flow.
I agree that it would be nice to be able to do device registration and guest logins, but that is just not there yet. I have suggested it to Cisco, so we can only hope that the feature makes it to ISE :)
If you are still having issues, you should make the rules as simple as possible, then test. If behavior is as expected, then add more conditions. If you are still unable to figure it out, post some screenshots from the Live Authentications window and then some screenshots from the detailed screen. Also, make sure that you don't have the "Enable Self-Provisioning Flow" enabled under the Operations tab in your HTML portal.