Hello.

In this video, we will access the lab network with our iPad to see that it
matches the smart devices authorization policy that was created in another lab
task. We'll start by accessing the iPad in the lab. Once on the iPad, we'll click
on Settings and then Wi-Fi to verify the Wi-Fi status of the iPad. The iPad in my
lab isn't currently connected to any Wi-Fi networks. However, I'll go ahead and
connect to my pod's guest network, 20-guest, to show you the steps that you may
need to follow if your lab iPad is already connected to a network.
The blue check mark next to the network name indicates that the iPad is connected.
To disconnect it, I'll click on the blue information circle with the "i" to the
right of the network name. Then I'll click on Forget this Network, and then click
on Forget a second time in the confirmation dialog box. The goal before moving
forward is that the Wi-Fi status on the iPad shows as Not Connected.
After we have verified that the iPad is not connected, we'll return to the ISE
Admin portal and then navigate to Work Centers, Profiler, and then Endpoint
Classification. We'll locate the entry for the iPad in the list of endpoints. Based
on the endpoint profile showing as Apple-iPad along with the OUI showing us Apple,
Inc, I can see that the iPad is the fifth device listed on my system.
I'll click the check box to select that endpoint and then click on the trash can at
the top of the list to start the deletion of that entry. I'll choose Selected to
delete only the selected entry, and then I'll click on Yes to confirm the deletion
of the entry. The entry is then deleted from the list.
Next, I'll go to the web console of the Virtual Wireless LAN Controller, or vWLC,
in my lab. On the vWLC, I'll navigate to MONITOR on the top tabs and then click on
Client in the left navigation bar. If the client list still shows the iPad, I'll
click on the MAC address for the client to view the client details. And from there,
I'll click on the Remove button at the top-right part of the page to remove this
client from the WLC's client list. I'll click on OK to close the confirmation box
and to return to the client list.
If the client still shows, I may need to refresh the display to verify that it has
been removed. Now I'll return to the iPad and reconnect it to the guest network for
my pod. If I'm not still on the Wi-Fi Settings page, I'd click on Settings and then
Wi-Fi to get back to this page. Then I'll scroll down the list of available
networks and click on my pod's guest network, 20-guest, to connect back to it.
The blue check mark indicates a successful connection. But I'll use the Home button
to return to the home screen on the iPad and then run the Safari browser from
there. Note that if your lab has been configured with a captive portal on the guest
WLAN, you may need to log in to the portal using the username of employee1 at
demo.local and the password of ICEisCOOL. My guest network is not configured with a
captive portal.
Once I have verified connectivity, I'll close my iPad viewer and return to the ISE
Admin portal. From the Admin portal, I'll navigate to Operations, Radius, and then
Live Logs. Once I locate my iPad and then scroll to the right, I can see that it is
assigned the guest access authorization profile. Next, I'll navigate to Contact
Visibility and then Endpoints. The iPad is showing in the endpoint list again.
When I click on its MAC address and then click on the Attributes tab, I'll scroll
about halfway down the page. And from there, I can see that the logical profile
assignment is Mobile Devices and then Approved_Smart_Devices, which is the logical
profile that was created in an earlier lab.
In the final few steps in this lab, I'll do some cleanup. I'll now navigate to
Policy and then Policy Sets. Once that page loads, I'll enter into the
Wireless_Access policy set. Then, I will open the Authorization Policy.
In there, I'll locate the Smart Devices rule and then click on the check mark to
the left of it to disable that rule. The green check mark should turn into a gray
disabled symbol. Once I'm sure that the rule has been disabled, I will scroll to
the bottom of the page and then click Save to save my change.