Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1348
Views
2
Helpful
2
Replies

ISE 2.4 Android 8 BYOD

Go to solution
dsserubi
Level 1
Level 1

‎06-18-2018 02:15 PM

Am attempting to perform Android BYOD in a lab using the BYOD portal and also tried within the Guest Flow. The strange thing is that after getting redirected and getting to the 3rd step where I need to download the NSA from play store (Already installed on the device), as soon as I launch the app and accept the certificates as per the prompts, ISE sends a COA terminate and the reason is because "posture status changed".

This causes the BYOD flow to fail because the original session was terminated and get an error message "Unable to download profile. (Have you logged into the guest portal?)". Am using NSP 2.2.0.54

AcsLogs,2018-06-18 20:16:44,596,DEBUG,0x7ff035e07700,cntx=0000174512,sesn=549fec63-ba40-4f3b-a093-e8724324540d,CPMSessionID=0a1f7ef4000000495b2872ee,CallingStationID=40-4e-36-3

b-11-11,Log_Message=[2018-06-18 20:16:44.596 +00:00 0000094915 5205 NOTICE Dynamic-Authorization: Dynamic Authorization succeeded, ConfigVersionId=91, Device IP Address=XX.XX.XX.XX, DestinationIPAddress=XX.XX.XX.XX, RequestLatency=3, NetworkDeviceName=WLC_244, NAS-IP-Address=XX.XX.XX.XX, Calling-Station-ID=40-4e-36-3b-11-11, Acct-Terminate-Caus

e=Admin Reset, Event-Timestamp=1529353004, cisco-av-pair=audit-session-id=0a1f7ef4000000495b2872ee, NetworkDeviceProfileName=Cisco, Device CoA type=Cisco CoA, Device CoA port=1

700, NetworkDeviceProfileId=b0699505-3150-4215-a80e-6753d45bf56c, IsThirdPartyDeviceFlow=false, PostureStatus=NonCompliant, AcsSessionID=549fec63-ba40-4f3b-a093-e8724324540d, S

tep=11201, Step=11217, Step=11100, Step=11101, NetworkDeviceGroups=IPSEC#Is IPSEC Device#No, NetworkDeviceGroups=WLC#WLC, NetworkDeviceGroups=Location#All Locations, NetworkDev

iceGroups=Device Type#All Device Types, NetworkDeviceGroups=ASA#ASA, CPMSessionID=0a1f7ef4000000495b2872ee, StepData=2=( port = 1700 \, type = Cisco CoA ), CoASourceComponent=P

osture, CoAReason=posture status changed, CoAType=Disconnect, WLC=WLC#WLC, Network Device Profile=Cisco, Location=Location#All Locations, Device Type=Device Type#All Device Typ

es, IPSEC=IPSEC#Is IPSEC Device#No, ASA=ASA#ASA, ],MessageFormatter.cpp:104

Checked some bugs that state updating the posture DB which I've done.

Any Ideas?

1 Accepted Solution

Accepted Solutions

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-19-2018 04:07 PM

I tried my Nexus 5X running Android 8.1 yesterday at our alpha deployment and it worked fine. Thus, it seems something wrong with your portals. I would suggest to try new portals.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
ldanny
Cisco Employee
Cisco Employee

‎06-19-2018 10:04 AM

Please have a look at some of the BYOD design guides so you can cross reference your setup.

How To: ISE & BYOD: Onboarding, Registering & Provisioning

ISE Design & Integration Guides SECTION - BYOD

Go to solution
hslai
Cisco Employee
Cisco Employee

‎06-19-2018 04:07 PM

I tried my Nexus 5X running Android 8.1 yesterday at our alpha deployment and it worked fine. Thus, it seems something wrong with your portals. I would suggest to try new portals.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents