Cisco Ise 13 User Guide
Page 381
CHAPTER 16
Support Device Access
• Personal Devices on a Corporate Network (BYOD), page 335
• Personal Device Portals, page 336
• Support Device Registration Using Native Supplicants, page 341
• Device Portals Configuration Tasks, page 342
• Manage Personal Devices Added by Employees, page 355
• Monitor My Devices Portals and Endpoints Activity, page 356
Personal Devices on a Corporate Network (BYOD)
When supporting personal devices on a corporate network, you must protect network services and enterprise...
Page 382
Service Node is part of a node group, and one node fails, the other nodes detect the failure and reset any pending sessions.
• Monitoring Node—The Monitoring node collects, aggregates, and reports data about the end-user and device activity on the My Devices, Sponsor, and Guest portals. If the primary Monitoring node fails, the secondary Monitoring node automatically becomes the primary Monitoring node.
Global Settings for Device Portals
Choose Work Centers > BYOD > Settings > Employee Registered Devices or Administration > Device Portal Management > Settings....
Page 383
Access Device Portals
Procedure
Step 1 To access any of the Device portals, you can either:
• Click Administration > Device Portal Management. The Configure and Customize Device Portals page displays the list of supported Device portals.
• Choose Administration > Device Portal Management. The supported Device portals display in the drop-down menu.
Step 2 Select the specific device portal that you want to configure.
Blacklist Portal
Employees do not access this portal directly, but are redirected to it....
Page 384
Personal Devices on a Corporate Network (BYOD), on page 335
Client Provisioning Portal
Employees do not access this portal directly, but are redirected to it.
The Client Provisioning system provides posture assessments and remediations for devices that are attempting to gain access to your corporate network. When employees request network access using their devices, you can route them to a Client Provisioning portal and require them to first download the posture agent. The posture agent scans the device for compliance, such as verifying that virus protection software is installed on...
Page 385
when a guest (who is not an employee) registers a device using the Guest Device Registration page in the credentialed Guest portals, because these are BYOD attributes used only during employee device registration.
Regardless of whether employees register their devices using the BYOD or the My Devices portals, they can use the My Devices portal to manage them.
Related Topics
Create a My Devices Portal, on page 352
BYOD Deployment Options and Status Flow
The BYOD deployment flows that support personal devices vary slightly based on these factors:...
Page 386
and start the setup wizard, which generates the supplicant configuration and issued certificate used to configure the device.
4 Change of Authorization Issued—After the user goes through the onboarding flow, Cisco ISE initiates a Change of Authorization (CoA). This causes the MacOSX, Windows, and Android devices to reconnect to the secure 802.1X network. For single SSID, iOS devices also connect automatically, but for dual SSID, the wizard prompts iOS users to manually connect to the new network....
Page 387
an authorization policy for this situation. For example, IF Endpoint Identity Group is Blacklist AND BYOD_is_Registered THEN DenyAccess.
An Administrator performs an action that disables network access for several devices, such as deleting or revoking a certificate.
If a user reinstates a stolen device, the status reverts to not registered. The user must delete that device, and add it back. That starts the onboarding process.
• Lost—The user logs on to the My Devices portal, and marks a currently onboarded device as Lost. That causes the following actions:...
Page 388
Allow Employees to Register Personal Devices Using Credentialed Guest Portals
Employees using credentialed Guest portals can register their personal devices. The self-provisioning flow supplied by the BYOD portal enables employees to connect devices to the network directly using native supplicants, which are available for Windows, MacOS, iOS, and Android devices.
Before You Begin
You must create the native supplicant profiles.
Procedure
Step 1 Choose Guest Access > Configure > Guest Portals.
Step...
Page 389
After creating a new portal or editing a default one, you must authorize the portal for use. Once you authorize a portal for use, any subsequent configuration changes you make are effective immediately.
You do not need to authorize the My Devices portal for use.
If you choose to delete a portal, you must first delete any authorization policy rules and authorization profiles associated with it or modify them to use another portal.
Use this table for the tasks related to configuring the different Device portals.
My Devices Portal | MDM Portal | Client Provisioning Portal | BYOD...
Page 390
Task | Blacklist Portal | BYOD Portal | Client Provisioning Portal | MDM Portal | My Devices Portal
Create Authorization Profiles, on page 353 | Not applicable | Required | Required | Required | Not Required
Customize Device Portals, on page 355 | Optional | Optional | Optional | Optional | Optional
Enable Policy Services
To support the Cisco ISE end-user web portals, you must enable portal-policy services on the node on which you want to host them.
Procedure
Step 1 Choose Administration > System > Deployment
Step 2 Click the node and click Edit.
Step...