Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
111
Views
0
Helpful
1
Replies

ISE BYOD DNS/Certificates

pinglis
Level 7
Level 7

‎11-18-2025 06:33 AM

We are looking at setting up BYOD using ISE. We already have a guest SSID configured and plan to use a new BYOD SSID (single SSID method). My question relates to the DNS name and certificate configuration for the BYOD registration portal.

My original thought was to set up a new DNS name/certificate for BYOD, so it would be different from the guest access, e.g.

guest.company,com

byod.company.com

But default the guest and BYOD portals use the same port 8443 and therefore have to use the same portal group/certificate.

This got me thinking what if any is the technical/security benefit of using different DNS name?

What about BYOD Retry URL? Would it cause an issue if this pointed to the guest DNS name?

 

0 Helpful
1 Reply 1

Greg Gibbs
Cisco Employee
Cisco Employee

‎11-18-2025 01:23 PM

Both the Guest and BYOD flows are redirect flows. The Portal session needs to redirect to the same PSN that handles the RADIUS session, so it makes no sense to define 'friendly' FQDNs in the certificate for either of these flows as they will not be used.

See the Cisco ISE BYOD Prescriptive Deployment Guide 

0 Helpful
Customers Also Viewed These Support Documents