https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554554#M89595 <P>Thanks for your answer.</P><P>Devices without certificates are not a smartphone but a specific device that cant receive a certificat from ISE.</P><P>My use case is not possible (answer from my&nbsp;Cisco support)&nbsp;so I will close this topic.</P> Fri, 04 Jul 2014 10:24:25 GMT Patrick Tran 2014-07-04T10:24:25Z https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554552#M89589 <P>Hi,</P><P>I can configure only one SSID on which 2 types of devices have to connect:</P><UL><LI>Devices with certificates connect on this SSID using EAP-TLS</LI><LI>Devices without certificates that ISE profiles (or ACS checks their MAC Addresses)</LI></UL><P>Could this work?</P><P>How can I configure this type of SSID on WLC?</P><UL><LI>802.1X works</LI><LI>802.1X+MacFiltering Works.</LI><LI>I didnt succeed to configure 802.1X OR MAC Filtering...</LI></UL><P>&nbsp;</P><P>Thanks for your help,</P><P>Patrick</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Mar 2019 04:51:19 GMT https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554552#M89589 Patrick Tran 2019-03-11T04:51:19Z https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554553#M89591 <P>Have you checked the BYOD guide below? Refer the Authentication rules</P><P>http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_ISE.html</P> Fri, 04 Jul 2014 09:46:01 GMT https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554553#M89591 Saurav Lodh 2014-07-04T09:46:01Z https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554554#M89595 <P>Thanks for your answer.</P><P>Devices without certificates are not a smartphone but a specific device that cant receive a certificat from ISE.</P><P>My use case is not possible (answer from my&nbsp;Cisco support)&nbsp;so I will close this topic.</P> Fri, 04 Jul 2014 10:24:25 GMT https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554554#M89595 Patrick Tran 2014-07-04T10:24:25Z https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554555#M89599 <P>Hi Patrick,&nbsp;</P><P>Yes, that´s possible, You can use MAB for devices that cannot handle certificates on the same SSID.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 04 Jul 2014 18:22:36 GMT https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554555#M89599 Roger Base 2014-07-04T18:22:36Z https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554556#M89603 <P>Hello Patrick-</P><P>Unfortunately, I don't believe this is currently possible in the Cisco wireless world with a single SSID. For your example, you will need two separate SSIDs. Something similar has been asked before:</P><P><A href="https://supportforums.cisco.com/discussion/11941331/isewireless-nacone-ssid-mab-and-dot1x">https://supportforums.cisco.com/discussion/11941331/isewireless-nacone-ssid-mab-and-dot1x</A></P><P>Hope this helps!</P><P>&nbsp;</P><P><EM>Thank you for rating helpful posts!</EM></P> Tue, 08 Jul 2014 06:08:24 GMT https://community.cisco.com/t5/network-access-control/ise-or-acs-eap-tls-or-profiling-only-on-same-ssid/m-p/2554556#M89603 nspasov 2014-07-08T06:08:24Z