View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0276 - ISE 2.2 BYOD Wired 802.1X Onboarding (Part 3)

Rating: 
5
Average: 5 (2 votes)
Difficulty Level: 
0
Lab Document: 
<Please login to see the content>
Video Download: 
Title: SEC0276 - Video Download $17.00
Purchase SEC0276 - Video Download $17.00
The video walks you through the entire process of wired BYOD onboarding on Cisco ISE 2.2. We will be leveraging ISE Internal CA to issue a client certificate. A user will be able to connect a wired personal devices and login with AD credential to register the device with ISE. We will show different key web portals including MyDevices Portal where user can manage their BYOD devices. The testing is performed on non-domain Windows computer.
 
Part 3 of this video covers BYOD testing and device management on My Devices Portal
 
Topic:
  • ISE Internal CA
  • Certificate Template
  • Endpoint Identity Group
  • Client Provisioning
  • Native Supplicant Profile
  • BYOD Portal
  • MyDevices Portal
    • Lost and Stolen Device
  • Blacklist Portal
  • Sponsored Guest Portal
  • Authorization Profile
    • Downloadable ACL
  • Endpoint Purging

About Author

Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.

2 comments

Hi

i made all the configuration step by step but i received below error when install the Network Setup Assistant to change the interface setting and install profile(LM_NSP_Wired) , i change the NSP (LM_NSP_Wired) profile setting from TLS to be PEAP the client install successful but when i chose TLS and CA internal certificate it give me attached error

"Secure access configuration fo the 'Ethernet0' network failed"

SPW log

Wed Sep 25 19:04:44 2019] Logging started
[Wed Sep 25 19:04:44 2019] SPW Version: 2.2.0.52
[Wed Sep 25 19:04:44 2019] System locale is [en]
[Wed Sep 25 19:04:44 2019] Loading messages for english...
[Wed Sep 25 19:04:44 2019] Initializing profile
[Wed Sep 25 19:04:44 2019] SPW is running as High integrity Process - 12288
[Wed Sep 25 19:04:44 2019] GetProfilePath: searched path = C:\Users\TEST-PC\AppData\Local\Temp\ for file name = spwProfile.xml result: 0
[Wed Sep 25 19:04:44 2019] GetProfilePath: searched path = C:\Users\TEST-PC\AppData\Local\Temp\Low for file name = spwProfile.xml result: 0
[Wed Sep 25 19:04:46 2019] Profile xml not found Downloading profile configuration...
[Wed Sep 25 19:04:46 2019] Downloading profile configuration...
[Wed Sep 25 19:04:46 2019] Discovering ISE using default gateway
[Wed Sep 25 19:04:46 2019] Identifying wired and wireless network interfaces, total active interfaces: 1
[Wed Sep 25 19:04:46 2019] Network interface - mac:00-50-56-8B-01-4F, name: Ethernet0, type: unknown
[Wed Sep 25 19:04:46 2019] Identified default gateway: 150.1.7.230
[Wed Sep 25 19:04:46 2019] Identified default gateway: 150.1.7.230, mac address: 00-50-56-8B-01-4F
[Wed Sep 25 19:04:46 2019] DiscoverISE - start
[Wed Sep 25 19:04:46 2019] DiscoverISE input parameter : strUrl [http://150.1.7.230/auth/discovery]
[Wed Sep 25 19:04:46 2019] [HTTPConnection] CrackUrl: host = 150.1.7.230, path = /auth/discovery, user = , port = 80, scheme = 3, flags = 0
[Wed Sep 25 19:04:46 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
headerLength = 12 data = dataLength = 0
[Wed Sep 25 19:04:46 2019] Received redirect to location null
[Wed Sep 25 19:04:46 2019] HTTP Response header: [HTTP/1.1 302 Page Moved

Location: https://ISE01.tahaluf.com:8443/portal/gateway?sessionId=0A0A08FE0000001A...

Pragma: no-cache

Cache-Control: no-cache

] HTTP Content: []
[Wed Sep 25 19:04:46 2019] Discovered ISE - : [ISE01.tahaluf.com, sessionId: 0A0A08FE0000001A0C329774]
[Wed Sep 25 19:04:46 2019] DiscoverISE - end
[Wed Sep 25 19:04:46 2019] Successfully Discovered ISE: ISE01.tahaluf.com, session id: 0A0A08FE0000001A0C329774, macAddress: 00-50-56-8B-01-4F
[Wed Sep 25 19:04:46 2019] GetProfile - start
[Wed Sep 25 19:04:46 2019] [HTTPConnection] CrackUrl: host = ISE01.tahaluf.com, path = /auth/provisioning/evaluate?typeHint=SPWConfig&referrer=Windows&mac_address=00-50-56-8B-01-4F&spw_version=2.2.0.52&session=0A0A08FE0000001A0C329774&os=Windows All, user = , port = 8905, scheme = 4, flags = 8388608
[Wed Sep 25 19:04:46 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
headerLength = 12 data = dataLength = 0
[Wed Sep 25 19:04:57 2019] Warning - [HTTPConnection:RetrySendRequest] InternetOpen() failed with code: [12057], msg: [It was not possible to connect to the revocation server or a definitive response could not be obtained.

]
[Wed Sep 25 19:04:57 2019] [HTTPConnection] All CRL Checks are off
[Wed Sep 25 19:04:57 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
headerLength = 12 data = dataLength = 0
[Wed Sep 25 19:04:57 2019] Received redirect to location null
[Wed Sep 25 19:04:57 2019] [HTTPConnection] CrackUrl: host = ISE01.tahaluf.com, path = /auth/provisioning/download/2c45e5b5-357f-4c6b-87ce-421425bd6d66/LM_NSP_Wired.xml?sessionId=0A0A08FE0000001A0C329774&os=WINDOWS_10_ALL, user = , port = 8443, scheme = 4, flags = 8388608
[Wed Sep 25 19:04:57 2019] [HTTPConnection] HttpSendRequest: header = Accept: */*
headerLength = 12 data = dataLength = 0
[Wed Sep 25 19:04:57 2019] GetProfile - end
[Wed Sep 25 19:04:57 2019] Successfully retrieved profile xml
[Wed Sep 25 19:04:57 2019] using V2 xml version
[Wed Sep 25 19:04:57 2019] parsing wired connection setting
[Wed Sep 25 19:04:57 2019] Certificate template: [keytype:RSA, keysize:2048, subject:OU=IT;O=tahaluf;C=ue, SAN:MAC]
[Wed Sep 25 19:04:57 2019] set ChallengePwd
[Wed Sep 25 19:04:57 2019] Starting parsing proxy configuration
[Wed Sep 25 19:04:57 2019] ProxySettings key was not found in the configuration xml
[Wed Sep 25 19:04:57 2019] found redirect URL:
[Wed Sep 25 19:04:57 2019] Identifying wired and wireless network interfaces, total active interfaces: 1
[Wed Sep 25 19:04:57 2019] Network interface - mac:00-50-56-8B-01-4F, name: Ethernet0, type: unknown
[Wed Sep 25 19:04:57 2019] WirelessProfile::StartWLanSvc - Start
[Wed Sep 25 19:04:57 2019] Wlansvc service is in Auto mode ...
[Wed Sep 25 19:04:57 2019] Wlansvc is running in auto mode...
[Wed Sep 25 19:04:57 2019] WirelessProfile::StartWLanSvc - End
[Wed Sep 25 19:04:57 2019] Found [0] wireless interfaces ...
[Wed Sep 25 19:04:57 2019] Identifying wired and wireless interfaces...
[Wed Sep 25 19:04:57 2019] Found wired interface - [ name:Ethernet0, mac address:00-50-56-8B-01-4F]
[Wed Sep 25 19:04:57 2019] Wired interface [Ethernet0] will be configured...
[Wed Sep 25 19:04:57 2019] Host - [ name:TEST-PC1, mac addresses:00-50-56-8B-01-4F]
[Wed Sep 25 19:04:58 2019] ApplyProfile - Start...
[Wed Sep 25 19:04:58 2019] User Id: wbyod@tahaluf.com, sessionid: 0A0A08FE000000130825B2ED, Mac: 00-50-56-8B-01-4F, profile: LM_NSP_Wired
[Wed Sep 25 19:04:58 2019] applying certificate for wired connection
[Wed Sep 25 19:04:58 2019] ApplyCert - Start...
[Wed Sep 25 19:04:58 2019] using ChallengePwd
[Wed Sep 25 19:04:58 2019] creating certificate with subject = wbyod@tahaluf.com and subjectSuffix = OU=IT;O=tahaluf;C=ue
[Wed Sep 25 19:04:59 2019] Installed CA cert for authMode user - Failed, Error code:[1336]
[Wed Sep 25 19:04:59 2019] ApplyCert - End...
[Wed Sep 25 19:04:59 2019] number of wireless connections to configure: 0
[Wed Sep 25 19:04:59 2019] Configuring SSID proxies ...
[Wed Sep 25 19:04:59 2019] Failed to configure the device.
[Wed Sep 25 19:04:59 2019] ApplyProfile - End...

Does the user has local admin access on the computer? Have you tried on a difference computer? Are you using ISE local CA or external via SCEP?