4.5.6. Operation

BYOD operation consists of executing a Wireless BYOD workflow with user/password identification and SMS 2FA verification. See the administration section for how to configure it.

When connecting to the Wi-Fi network, the WLC should automatically redirect the user to the ON Captive Portal for session authentication.

All available workflows in the domain are displayed in the Captive home. Click the Start button of the BYOD WiFi workflow to begin this captive execution.

../../_images/byod_bo_1.png


Note

If there is only one workflow, the Captive Portal starts with that workflow automatically.

The workflow will begin, displaying the different steps required based on its configuration.

1. The first step is Authentication. This tab displays all fields required for the authentication. In this example:

  • Corporate credentials.

  • Phone number for two-step verification.

../../_images/byod_bo_2.png


2. After submitting the authentication details, you will be prompted to enter a PIN, which will be sent via SMS.

../../_images/byod_bo_8.png


../../_images/byod_bo_3.png


The dialog will indicate when the process is finished:

../../_images/byod_bo_4.png


The system will then welcome you to the network and redirect you to the specified link.

4.5.6.1. BYOD Wireless Policy Evaluation

Navigate to ON NAC > Business Profiles to view the connection:

../../_images/byod_bo_5.png


Click on the sauron_img icon to display its policy evaluation:

../../_images/byod_bo_6.png


The matched policy is called Captive SMS, and it has the following tags associated with it:

../../_images/byod_bo_7.png


  • ONC_WEBAUTH_APPROVED: Indicates that the workflow is complete.

  • ONC_CAPTIVE_REGISTERED: Indicates that it is a BYOD workflow.

The source can be MAB or 802.1X (depending on the WLC), and the precondition is to assign the device to the Service VLAN, as shown in the image.