ISE BYOD implementation without Device Registration, endpoint cert

prathibha kota — Sat, 29 Jul 2023 09:31:46 GMT

Hello, we are looking to implement BYOD for our organization through ISE:

1) our intention is to basically allow only internet access for employees from their personal devices.

2) With the ISE BYOD flow, I understand that we could register and push endpoint certs to personal devices. However, since we do not want to manage nor provide any internal access to our network, can we still use ISE BYOD Flow with dedicated Captive Portal authentication but don't want to register the device nor push the certificates?

3) Can we use same interface on the PSN to host both GUEST and BYOD Portals?

Re: ISE BYOD implementation without Device Registration, endpoint cert

Rob Ingram — Sat, 29 Jul 2023 09:37:24 GMT

@prathibha kota so you want BYOD for employee personal devices but without requiring a certificate? In which case create a CWA portal that uses AD authentication, the users connect to the SSID and authenticate using their AD credentials, if you wish to restrict access to the internal network apply a Downloadable ACL (DACL).

Yes you can use the same interface or use a dedicated interface.

topic ISE BYOD implementation without Device Registration, endpoint cert in Network Access Control

ISE BYOD implementation without Device Registration, endpoint cert

Re: ISE BYOD implementation without Device Registration, endpoint cert