
can we limit 1 device per SSID and per user ID on ISE?

jpoh
Cisco Employee

Hi Team,

My ISE customer has two SSIDs, SSID_Prod and SSID_Internet. SSID_Prod is for office laptops, which go through posture validation. SSID_Internet is for staff's own devices and can only go to the Internet. Both SSIDs use the staff_ID for authentication.

Can we limit SSID_Internet to only 1 device per user ID? This means 1 staff member can only have 1 device connected to SSID_Internet.

Appreciate your advice.

Regards &

Have a nice day

1 Accepted Solution

Jason Kunst
Cisco Employee

There is not a way to do this directly. You could profile corporate resources or put them into an endpoint database and now allow them to connect to the internet SSID, for example:

If corporate device and WLAN ID, then deny access or send them to a portal that says (see hotspot message portal under guest and web auth)

If non-corporate and internal ID then deny access or send to a message portal.


4 Replies

tertang@cisco.com
Cisco Employee

Only the Guest and BYOD flows support that now.

You don't have that control for normal network access users.

Thanks Jason,

How about limiting to 2 devices per user ID? Each staff member will have 1 corporate laptop connecting to SSID_Prod. This will leave 1 device for staff to connect their own smartphone to SSID_Internet. They are using 802.1X with their AD credentials.

Regards &

Have a nice day

If you're using AD credentials you could send them through BYOD for their personal devices and only allow them to register 1 device in the BYOD portal.

For corporate devices you can put a corporate certificate on them and only allow those devices to access the internal network. Or register the MAC addresses of their corporate machines and base access on an endpoint group.
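
Because the replies say the per-user device limit is not enforced for normal network access, the rule can at least be audited after the fact. The following is an added example, not part of the original thread and not Cisco code: it assumes session records (user, endpoint MAC, SSID, start, stop) have been exported from RADIUS accounting, and the record layout, user names and MAC addresses are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample sessions (not real data): user, MAC, SSID, start, stop.
# stop=None means the session is still active.
SESSIONS = [
    ("alice", "AA:AA:AA:00:00:01", "SSID_Prod", "2024-01-10 08:00", "2024-01-10 17:00"),
    ("alice", "AA:AA:AA:00:00:02", "SSID_Internet", "2024-01-10 08:05", "2024-01-10 12:00"),
    ("alice", "AA:AA:AA:00:00:03", "SSID_Internet", "2024-01-10 11:30", None),
    ("bob", "BB:BB:BB:00:00:01", "SSID_Internet", "2024-01-10 09:00", "2024-01-10 10:00"),
    ("bob", "BB:BB:BB:00:00:02", "SSID_Internet", "2024-01-10 10:00", "2024-01-10 11:00"),
    ("carol", "CC:CC:CC:00:00:01", "SSID_Internet", "2024-01-10 09:00", None),
    # Same device as above in another MAC notation (re-authentication after a roam).
    ("carol", "cc-cc-cc-00-00-01", "SSID_Internet", "2024-01-10 09:30", None),
]

def _ts(value):
    # An open session is treated as lasting forever.
    return datetime.max if value is None else datetime.strptime(value, "%Y-%m-%d %H:%M")

def _mac(value):
    # Normalise MAC notation so one device is never counted twice.
    return value.replace("-", "").replace(":", "").replace(".", "").lower()

def find_violations(sessions, ssid="SSID_Internet", limit=1):
    """Map each user to the MACs seen while more than `limit` distinct
    devices of that user were connected to `ssid` at the same time."""
    events = defaultdict(list)
    for user, mac, session_ssid, start, stop in sessions:
        if session_ssid != ssid:
            continue
        events[user.lower()].append((_ts(start), 1, _mac(mac)))
        events[user.lower()].append((_ts(stop), 0, _mac(mac)))
    violations = {}
    for user, user_events in events.items():
        active = defaultdict(int)  # MAC -> number of open sessions
        # Tuples sort stops (0) before starts (1) at the same timestamp,
        # so back-to-back sessions are not reported as an overlap.
        for _, kind, mac in sorted(user_events):
            if kind == 1:
                active[mac] += 1
            else:
                active[mac] -= 1
                if active[mac] <= 0:
                    del active[mac]
            if len(active) > limit:
                violations.setdefault(user, set()).update(active)
    return {user: sorted(macs) for user, macs in violations.items()}
```

With the constructed data only alice is flagged: bob's two devices never overlap in time, and carol's two sessions belong to the same endpoint.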