02-22-2018 03:49 AM - edited 02-21-2020 10:46 AM
Hi!
I am having some difficulty in getting the SCEP to work as its not managed by our team and becoming hard to ask other to fix it.
So I am looking for alternative solution for this.
On our mobiles we do have MDM installed but again I dont have access to it to get my ISE certifcate to be added to MDM. Not sure if I can check if the mobile has MDM installed with the right coperate attributes to make Authz profile out of that.
If above is not possible what can be third secure way to deply BYOD?
Thanks
02-22-2018 06:53 AM
You Can setup ISE internal CA, both as a standalone and intermediate CA, and creating certificate template to issue client certificate for your BYOD users. There are some LAB minutes videos on the same:
Setting up Internal CA
http://www.labminutes.com/sec0187_ise_13_internal_certificate_authority_ca_setup_1
http://www.labminutes.com/sec0187_ise_13_internal_certificate_authority_ca_setup_2
Wired BYOD
http://www.labminutes.com/sec0188_ise_13_byod_wired_802.1X_onboarding_internal_ca_1
http://www.labminutes.com/sec0188_ise_13_byod_wired_802.1X_onboarding_internal_ca_2
Wireless SIngle SSID BYOD
http://www.labminutes.com/sec0189_ise_13_byod_wireless_onboarding_single_ssid_internal_ca_1
http://www.labminutes.com/sec0189_ise_13_byod_wireless_onboarding_single_ssid_internal_ca_2
Wireless DUAL SSID BYOD
http://www.labminutes.com/sec0190_ise_13_byod_wireless_onboarding_dual_ssid_internal_ca_1
02-26-2018 01:27 AM
Thanks Jatin.
I gone through the first video but was looking for some documentation as he is using three different scanrio. I have two node deployment with with ISE contains CA certifcate. Also I am not sure changing the config in Internal CA will change anything in the existing environment as I dont want to break anything there.
03-01-2018 12:50 PM
Hi!
I saw video tutorial where someone just made certifcate template and used it direct. I will test that once my download issue from cisco.com get solve.
Regards,
Capricorn
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide