When the Primary PAN is down, does BYOD support an external CA or not?

songl
Cisco Employee

Hi Team

In the document below, I see that if the primary PAN is down, BYOD cannot support the internal CA. I want to know: when the Primary PAN is down, does BYOD support an external CA?

| Features | Available When Primary PAN is Down (Yes/No) |
|---|---|
| Existing internal user RADIUS authentication | Yes |
| Existing or New AD user RADIUS authentication | Yes |
| Existing endpoint with no profile change | Yes |
| Existing endpoint with profile change | No |
| New endpoint learned through profiling | No |
| Existing guest – LWA | Yes |
| Existing guest – CWA | Yes (apart from flows enabled for device registration, such as Hotspot, BYOD, and CWA with automatic device registration) |
| Guest change password | No |
| Guest – AUP | No |
| Guest – Max Failed Login Enforcement | No |
| New Guest (Sponsored or Self-registered) | No |
| Posture | Yes |
| BYOD with Internal CA | No |
| Existing Registered Devices | Yes |
| MDM On-boarding | No |
| pxGrid Service | No |

https://www.cisco.com/c/en/us/td/docs/security/ise/2-4/admin_guide/b_ise_admin_guide_24/b_ise_admin_guide_24_new_chapter…

Thanks

BR

Songl

Accepted Solutions

Nidhi
Cisco Employee

Hi,

When the Primary PAN is down, no new session is created. If you are asking whether an external CA can be used for BYOD, then yes, but the recommended way is to use the internal CA, which is easy.

Thanks,

Nidhi

songl
Cisco Employee

Thanks for all

hslai
Cisco Employee

Part of BYOD is to register the endpoint, so it would not work properly if the primary admin node is down. Proxying SCEP requests does not depend on this.