LAB: Configure BYOD
Below is the topology provided to configure in lab
Perform below task as per above topology.
- In this task we will configure BYOD Onboarding
- Create Customized My Device Portal
- Configure Certificate Authentication Profile so that Certificate can be automatically provisioned via IE Internal CA
- Configure Authentication & Authorization polices for BYOD Access and Finally Onboard Device
Navigate to Work Centers | BYOD | Overview and here you will see the entire Work Flow.
Here we have already done configuration for Prepare section in previous labs and Now we will move to define phase by clicking web Portals | My Device Portals | Click Create
Configure My Device Portal Setting and Customize it. Follow step by Step procedure as per below figure captured.
Scroll Up and Save.
Portal Authentication Modification:
Click on Work center | BYOD | Portals & Components | Under BYOD Click on Identity | Choose Identity Source Sequence | Edit MyDevices_Portal_Sequence
Move All-AD-Join_Points to the top of the list as shown in below figure, this is because most of the account are member of AD.
Scroll Down and Save.
Now Navigate to Work Centers | BYOD | Portals & Components | Choose My Device Portals and Edit Demo-My Device Portals.
To the right of Portal Name and Description. Click on Portal test URL.
My Device Portal page will be opened. Login with your AD Credentials as firstname.lastname@example.org | Agree to AUP and Sign On and Continue.
On Managed Device Section | Click ADD.
Review BYOD Portal Configuration:
Navigate to Work Center | BYOD | Portal & Components | Choose BYOD Portals and Review the Settings.
Under BYOD | Click Portals & Components | Expand Certificate | Select Certificate Template
Select the EAP_Authentication_Certificate_Template
Fill the details as per the below Screen Shots
Scroll Down and Click Save.
Client Provisioning & Native Supplicant Provisioning
Click Client Provisioning tab | Go to right of Cisco-ISE-NSP Rule and Select to Insert new policy above as shown in below figure.