Click on Add and choose Native Supplicant Profile (NSP) from the drop-down. Navigate to ISE > Work Centres > BYOD > Client Provisioning. Create a Native Supplicant Profile for a Wireless profile. You can use the default EAP_Certificate_Template. The template must have Client Authentication Enhanced Key Usage. Create a certificate template for BYOD users. Navigate to ISE > Administration > Network Devices > Add Network Device. Add network Device on ISE and configure RADIUS and shared key. ISE checks the new request from the client and verifies the EAP Method and Device Registration and gives full access to the device. Endpoint performs another authentication to the same SSID using the downloaded certificate using EAP-TLS. The NSA configures the Wireless supplicant and the client installs the certificate. NSA is installed on the end client and downloads the Profile and certificate from ISE. Once the Device Registration is done, the end-client downloads the Native Supplicant Assistant (NSA) from ISE. Once authenticated successfully on ISE, the user gets redirected to the BYOD Portal. First, the user connects to the SSID using the user name and password ( MSCHAPv2 ). In Single SSID BYOD only one SSID is used for both onboardings of devices and later giving full access to the Registered Devices. If your network is live, ensure that you understand the potential impact of any command. All of the devices used in this document started with a cleared (default) configuration. The information in this document was created from the devices in a specific lab environment. The information in this document is based on these software and hardware versions:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |