Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1494
Views
5
Helpful
3
Replies

ISE BYOD question regarding MSCEP certificate request

Go to solution
kpeters011
Level 1
Level 1

‎11-15-2017 03:04 PM - edited ‎02-21-2020 10:39 AM

In the BYOD model for certificate request/retrieval is the returned certificate from an external MCSEP (Microsoft 2012 R2 server CA) uniquely identified by the device MAC address or username?? If the same device was to attempt network access/authentication through the ISE BYOD portal will it always get the same certificate??

Can BYOD portal be setup to handle wired access attempts (as opposed to wireless)??

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎11-15-2017 07:30 PM

Hi

When doing byod, on the device provisioning certificate, the username will be used as CN and Mac address as SAN.

If the same device is making a new request the cn and san will be the same but the certificate will be different as the serial number will change for example. You can check that on your windows ca server, each time you request a certificate from the same device it will generate a new certificate.

For wired byod, yes you can implement that. Here a Cisco documentation:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Wired.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

3 Replies 3

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎11-15-2017 07:30 PM

Hi

When doing byod, on the device provisioning certificate, the username will be used as CN and Mac address as SAN.

If the same device is making a new request the cn and san will be the same but the certificate will be different as the serial number will change for example. You can check that on your windows ca server, each time you request a certificate from the same device it will generate a new certificate.

For wired byod, yes you can implement that. Here a Cisco documentation:
https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Wired.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Go to solution
kpeters011
Level 1
Level 1
In response to Francesco Molino

‎11-16-2017 07:49 AM

Thanks! This was helpful!

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to kpeters011

‎11-16-2017 06:29 PM

You're welcome!

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents