Last updated:
08-SEP-2017

Device Enrollment (for ISE Mobility Deep Dive v1.2)

Follow the steps below to complete device enrollment when demonstrating personal devices in the Cisco ISE demonstrations.

Depending on the software version of your device, the steps below may vary.

Scenario Credentials

The table below contains the scenario credentials that will be needed to complete device enrollment.

Table 1.         Scenario Credentials

Scenario / Vertical Username Password Access Level Connections Center Webpage
Healthcare doctor C1sco12345 Tier 1 – Full http://health.dcloud.cisco.com
Healthcare nurse C1sco12345 Tier 2 – Limited Access http://health.dcloud.cisco.com
Education dean C1sco12345 Tier 1 – Full Access http://edu.dcloud.cisco.com
Education professor C1sco12345 Tier 2 – Limited Access http://edu.dcloud.cisco.com
Federal captain C1sco12345 Tier 1 – Full Access http://federal.dcloud.cisco.com
Federal officer C1sco12345 Tier 2 – Limited Access http://federal.dcloud.cisco.com
Corporate manager C1sco12345 Tier 1 – Full Access http:/corp.dcloud.cisco.com
Corporate employee C1sco12345 Tier 2 – Limited Access http:/corp.dcloud.cisco.com
 N/A itadmin C1sco12345 Full Demo Access

Apple iOS Devices

If prompted while going through BYOD for a PIN or password, enter your device specific pin/password.

Follow the steps below to enroll Apple iOS devices.

  1. Connect to the wireless network.
  2. Go to Settings > Wi-Fi and connect to the network dCloud-Guest.
  3. Open a website to be redirected to the Guest Portal to perform onboarding.
  4. Open your built-in browser (Apple Devices: Safari)
  5. Attempt to connect to your Demo Scenario page (ex: corp.dcloud.cisco.com) and you will be redirected to the Guest portal.

If this doesn’t work try another http site, for example http://cnn.com

Be sure that the website you attempt to open uses HTTP, as HTTPS redirection is not supported in this demo.

  1. On the guest portal, login with the user credentials for your selected scenario, as shown in Table 1.

self-provisioning-portal-login

  1. Click Accept to accept the Acceptable Use Policy.

acceptable-use-policy

  1. Click Start on the BYOD welcome page

byod-welcome-page

  1. Fill out the device information and click continue

device-info-page

  1. Click Launch Apple Profile and Certificate Installers Now

apple-profile-and-cert

  1. On the Install Profile screen click Install to install the digital certificate for User Trust RSA Certification Authority.

topo

  1. Click Install on the Warning message that pops up
  1. Click Done on the profile installed screen

topo

  1. Click Install once again on the Install Profile screen to install the profile service, then click Install Now to verify

topo

 The first profile installation installs the CA root certificate, while the second profile installation installs the individual device certificate and the wireless settings needed to connect to the secure network

  1. Click Done on the profiled installed screen.

2017-11-01_17-28-30

    1. You are redirected to the Success page. Go to Settings > Wi-Fi forget the dCloud-Guest network and you should automatically connect to network dCloud-Registered.

If you are using iOS 11, you may get an error. However, you are still connected with escalated privileges. This is a known issue and a patch will come at a later date. Please see the following link with known issues with different clients connecting to the ISE demos – https://communities.cisco.com/docs/DOC-75784  

byod-success-page

Android Devices

If prompted while going through BYOD for a PIN or password, enter your device specific pin/password.

Some Android devices require an SD card to store security certificates. Please be aware that some Android devices might not work with this demonstration. Android is open source across cellular carriers and device vendors. Some vendors update their code more frequently than others. Compatibility with all devices cannot be guaranteed.

Follow the steps below to enroll Android devices.

  1. Go to Settings > Wi-Fi and connect to the network dCloud_Guest.
  2. Launch the default Android web browser and access the Connections Center Webpage for your selected scenario as shown in Table 1. Accept any HTTPS warnings if necessary.
  3. Login with the username and password for your selected scenario. You are redirected to the self-provisioning page.

Self-provisioning Portal

  1. Click Accept to accept the AUP.

Acceptable Use Policy

  1. Fill out the device information and click Continue.

Device Information Page

  1. Click Get Cisco Network Setup Assistant Now and install this App if not already installed. Ensure you are logged into the Play Store and download the application.  You may also close you web browser and use the Google Play Store application on your device to download the application.  If using a Pattern or Pin lock on your device, you may be prompted for this information to proceed.

If you have trouble with the download from within the demo environment, it is recommended you download the Cisco Network Setup Assistant via another network connection. (i.e. cellular, or Wi-Fi). Since Android is an open platform, we cannot account for all variations of the product.

Google Play Store App Installer

  1. Open Network Setup Assistant and click Start.  Wait for your Android to be provisioned and joined to the correct network.

Network Setup Asst

Mac OSX Workstations

  1. Connect to the wireless network.
  2. Click the wireless icon at the top of the desktop and connect to the network dCloud-Guest.
  3. Open a website to be redirected to the Guest Portal to perform onboarding.
  4. Open your built-in browser (Apple Devices: Safari)
  5. Attempt to connect to your Demo Scenario page (ex: corp.dcloud.cisco.com) and you will be redirected to the Guest portal.
  6. If you are prompted with a certificate warning, click continue

Be sure that the website you attempt to open uses HTTP, as HTTPS redirection is not supported in this demo.

  1. On the guest portal, login with the user credentials for your selected scenario, as shown in Table 1.

self-provisioning-portal-login2

  1. Click Accept to accept the AUP.

accept-aup

  1. Click Start on the BYOD welcome page

byod-welcome-page2

  1. Fill out the device information and click continue

dev-info-page

  1. You are brought to the install page. The Cisco Network Setup Assistant will automatically begin downloading in the background.  When it is done, open your downloads folder in finder and launch the SPW.tar.gz which extracts into cisco_network_setup_assistant.dmg.

launch-from-downloads-folder

  1. Double click the Cisco Network Setup Assistant icon.  You may be prompted with a warning that “Cisco Network Setup Assistant” is an application downloaded from the internet. Click Open on this warning to launch the application

You may need to change security settings in OSX in order to run the Cisco Network Setup Assistant application. By default, OSX will only allow you to install applications from Apple. If you get an error that the Cisco Network Setup Assistant cannot be run, you likely need to change security settings.  To do this go to System Preferences then Security & Privacy. At the bottom, in the section labeled Allow apps downloaded from: select the Anywhere radio button

network-setup
osx-app

  1. Click Start in the Network Setup Assistant. Click Continue on the verify certificate popup if necessary

network-setup-asst

  1. Enter your local computer credentials and click OK. These are the same credentials you use to login to your Mac. You may need to enter your credentials twice during this process, depending on your version of OSX due to security changes in OSX.

config-profile

  1. Click Exit on the network setup assistant after it successfully completes

fig26

  1. OSX should automatically switch you to the dCloud-Registered network. Verify you are now connected to the dCloud-Registered network
  2. Open Safari and enter the Connections Center Webpage that corresponds to your selected scenario (Table 1).

Windows Workstations

You must use the default Windows wireless client for this demo.

  1. Connect to the wireless network.
  2. Click the wireless icon and connect to the network dCloud-Guest.
  3. Open a website to be redirected to the Guest Portal to perform onboarding.
  4. Open your built-in browser (Windows: IE/EDGE)
  5. Attempt to connect to your Demo Scenario page (ex: corp.dcloud.cisco.com) and you will be redirected to the Guest portal.
  6. If you are prompted with a certificate warning, click continue

Be sure that the website you attempt to open uses HTTP, as HTTPS redirection is not supported in this demo.

  1. On the guest portal, login with the user credentials for your selected scenario, as shown in Table 1.

fig27

  1. Click Accept to accept the AUP.

fig28

  1. Click Start on the BYOD welcome page

fig29

  1. Fill out the device information and click continue.
  1. The Cisco Network Setup Assistant will be downloaded.  If you are prompted, save the file NetworkSetupAssistant.exe to your Downloads folder
  2. Launch the NetworkSetupAssistant.exe installer that was downloaded. Click Run on any security warnings
  3. Click Start and proceed through any certificate warning messages

fig31
fig32
fig33

  1. Click Exit on the network setup assistant after it successfully completes

fig34

  1. Windows should automatically switch you to the dCloud-Registered network. Verify you are now connected to the dCloud-Registered network
  2. Open IE or Firefox and enter the Connections Center Webpage that corresponds to your selected scenario (Table 1).