4.5.6. Operation

In this case, we are going the see the execution of a Guest workflow. This workflow is the BYOD_Wifi configured in the use case advanced operation with user/password Identification and SMS 2FA verification.

When connecting to the wifi network, the WLC should automatically redirect us to the ON Captive Portal to authenticate the session.

We can see all the workflows in the domain. Our workflow is the BYOD Wifi, so we will click on the Start button.

../../_images/byod_bo_1.png


Note

In case of having only one workflow, the captive would be initialized in that workflow.

The workflow will start, and we will see the different steps we need to pass according to the configuration.

The first step is the Authentication. In this tab, we will find all the fields configured in our workflow.

In this case, we will have to introduce:

  • Corporative credentials with which we want to authenticate.

  • Phone number for the two-step verification.

../../_images/byod_bo_2.png


When the authentication is submitted, a field will be displayed to enter a PIN. This PIN is received by an SMS on your phone.

../../_images/byod_bo_8.png


../../_images/byod_bo_3.png


This is the final step.

../../_images/byod_bo_4.png


It will welcome us to the network and it will redirect us to the link specified.

If we go to ON NAC -> Business Profiles in the corresponding view we will see a BYOD entry like this:

../../_images/byod_bo_5.png


../../_images/byod_bo_6.png


../../_images/byod_bo_7.png


The policy matched is BYOD, that we have configured in the advanced operation of this module.

We can see that it have three tags of that policy:

  • ONC_WEBAUTH_APPROVED: Indicates that the workflow is finished.

  • ONC_CAPTIVE_REGISTERED: Indicates that is a BYOD workflow.

The source can be MAB or 802.1x (depending on the WLC), and the precondition is to set the device to the Service VLAN, as we can see in the image.