Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1983
Views
3
Helpful
7
Replies

What is the difference "Guest access" and "BYOD" in ISE?

Go to solution
JustTakeTheFirstStep
Level 4
Level 4

‎06-09-2023 02:40 AM

I feel similar between "Guest access" and "BYOD" in ISE.

Both are authenticated through the web portal and authorized to the network.

I'd like to know what the difference is.

byod.pngguest.png

0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎06-09-2023 03:13 AM

 

 - Check this thread : https://community.cisco.com/t5/network-access-control/byod-vs-guest-services-in-ise/td-p/3079419

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

Go to solution
Nancy Saini
Cisco Employee
Cisco Employee

‎06-09-2023 06:45 AM

By default, the self-registrered guest portal is used for guest and BYOD. If the user logs in with corporate credentials it goes through client provisioning which is the BYOD flow. If the user enters the guest credentials that it would go through the guest flow.

NancySaini_0-1686318317215.png

 

View solution in original post

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-12-2023 04:47 PM

BYOD == Bring Your Own Device == "Employee personal endpoints".  BYOD policy can vary greatly from organization to organization. Some only want to know "it's my employee's device" while others want to provisioning identity certificates for authentication, and others may want to install MDM applications for greater management and risk avoidance in exchange for more network privileges and "greater productivity" using any device the employee chooses.

Guest == "Non-employee Internet only" although some organizations treat employee personal endpoints as Guest endpoints, too.

In ISE, the BYOD flow authenticates against your users with an organization's identity store and then determines if it should be merely registered or provisioned with a certificate or MDM. Guest goes through a portal for Hotspot, Self-Registered, or Sponsored access, depending on what you require.

View solution in original post

0 Helpful
7 Replies 7

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎06-09-2023 03:13 AM

 

 - Check this thread : https://community.cisco.com/t5/network-access-control/byod-vs-guest-services-in-ise/td-p/3079419

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Go to solution
Nancy Saini
Cisco Employee
Cisco Employee

‎06-09-2023 06:45 AM

By default, the self-registrered guest portal is used for guest and BYOD. If the user logs in with corporate credentials it goes through client provisioning which is the BYOD flow. If the user enters the guest credentials that it would go through the guest flow.

NancySaini_0-1686318317215.png

 

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to Nancy Saini

‎06-09-2023 09:54 AM

I understand

Can you give me the source URL of the image?

0 Helpful

Go to solution
Nancy Saini
Cisco Employee
Cisco Employee
In response to JustTakeTheFirstStep

‎06-10-2023 10:20 AM

The image is from ISE self-registered guest portal (Work Centers > Guest Access > Portals & Components > Guest Portals > Self-registered guest portal). If you enable BYOD settings on the portal, you will see BYOD flow as well.

Go to solution
thomas
Cisco Employee
Cisco Employee

‎06-12-2023 04:47 PM

BYOD == Bring Your Own Device == "Employee personal endpoints".  BYOD policy can vary greatly from organization to organization. Some only want to know "it's my employee's device" while others want to provisioning identity certificates for authentication, and others may want to install MDM applications for greater management and risk avoidance in exchange for more network privileges and "greater productivity" using any device the employee chooses.

Guest == "Non-employee Internet only" although some organizations treat employee personal endpoints as Guest endpoints, too.

In ISE, the BYOD flow authenticates against your users with an organization's identity store and then determines if it should be merely registered or provisioned with a certificate or MDM. Guest goes through a portal for Hotspot, Self-Registered, or Sponsored access, depending on what you require.

0 Helpful

Go to solution
JustTakeTheFirstStep
Level 4
Level 4
In response to thomas

‎08-22-2023 11:34 PM - edited ‎08-22-2023 11:36 PM

@thomas @Nancy Saini @marce1000 

I'm trying to test BYOD on ISE.

We want to collect information from BYOD users and onboard them at ISE.
device type,
device OS,
name,
department,
IP, MAC

I have a few questions.

1. Is NSP Agent installation mandatory on laptops and mobile devices? Is it possible with agentless?

2. What is the algorithm that gives different rights to each user when the user authenticates himself without the sponsor's approval process?

For example
AAA user is full privileges to the profile A.
BBB user is limited privileges to the profile B.

Is the above process possible in the BYOD portal without sponsor involvement?

0 Helpful

Go to solution
thomas
Cisco Employee
Cisco Employee
In response to JustTakeTheFirstStep

‎08-23-2023 05:45 AM

See https://cs.co/ise-byod and read Cisco ISE BYOD Prescriptive Deployment Guide .

Start new threads with new questions.

0 Helpful
Customers Also Viewed These Support Documents