Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2549
Views
16
Helpful
5
Replies

BYOD Single versus Dual SSID Flow

Go to solution
GQ
Cisco Employee
Cisco Employee

‎07-17-2017 10:44 AM

just quick anectodal fact finding, do you advocate (or which do you mostly see) with BYOD: single or dual SSID registration flows?


assuming modern advances in iOS, Android, Windows, and WLC/ISE code?


Is it a simple question of 'if mobile OSs only, single SSID makes more sense' or 'if organization already has an open Guest SSID, use Dual'?

1 person had this problem
1 Accepted Solution

Accepted Solutions

Go to solution
hariholla
Cisco Employee
Cisco Employee

‎07-17-2017 01:49 PM

We do not have latest CVD on BYOD, but here's what we have from the last written document in this aspect:

Some considerations when selecting a single versus dual SSID configuration:

  • Some organizations prefer having a dedicated SSID for on-boarding devices.
  • Others see dual SSID as an extra management burden.
  • A second SSID adds channel overhead.
  • Enabling too many SSIDs may degrade wireless performance.

The organization’s unique requirements and preferences will dictate which model to deploy. The configurations of both the ISE and WLC may be easily modified to support either single or dual SSID deployments.

Cisco Unified Access (UA) and Bring Your Own Device (BYOD) CVD - BYOD Wireless Infrastructure Design [Design Zone for En…

View solution in original post

5 Replies 5

Go to solution
gbekmezi-DD
Level 5
Level 5

‎07-17-2017 01:40 PM

Since you are asking for anecdotal feedback, I prefer single SSID whenever possible.

Go to solution
hariholla
Cisco Employee
Cisco Employee

‎07-17-2017 01:49 PM

We do not have latest CVD on BYOD, but here's what we have from the last written document in this aspect:

Some considerations when selecting a single versus dual SSID configuration:

  • Some organizations prefer having a dedicated SSID for on-boarding devices.
  • Others see dual SSID as an extra management burden.
  • A second SSID adds channel overhead.
  • Enabling too many SSIDs may degrade wireless performance.

The organization’s unique requirements and preferences will dictate which model to deploy. The configurations of both the ISE and WLC may be easily modified to support either single or dual SSID deployments.

Cisco Unified Access (UA) and Bring Your Own Device (BYOD) CVD - BYOD Wireless Infrastructure Design [Design Zone for En…

Go to solution
howon
Cisco Employee
Cisco Employee
In response to hariholla

‎07-17-2017 09:17 PM

Adding to Hari's list:

Pros of Single-SSID:

  • User experience is better for iDevice users as SSID switching from OPEN to SECURED does not require user intervention
  • This is a unique capability of ISE where competitor solution forces user to login twice while ISE can take user information from 802.1X session without asking for the user to login again to the web portal
  • Fast-SSID change does not need to be enabled on the WLC

Pros of Dual-SSID:

  • Can provide visible guidance to the user on the BYOD process before logging in

Go to solution
Craig Hyps
Level 10
Level 10
In response to howon

‎07-18-2017 03:37 AM

Other cases where dual-SSID may be favored include:

* ID Store is LDAP and cannot start with PEAP with MSCHAPv2 currently to LDAP store

* Wired deployment where cannot assume client already has 802.1X enabled on wired interface.

Go to solution
howon
Cisco Employee
Cisco Employee

‎07-27-2017 07:38 AM

FYI, I've consolidated the answers here:

ISE BYOD: Dual vs. Single SSID Onboarding

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents