My quick analysis on why you would want to use Dual or Single SSID for ISE BYOD Device Onboarding (Native Supplicant and Certificate Provisioning)
Using employee creds, Employee can go directly through onboarding using CWA portal
Or another option for internet access only:
Using employee creds, Employee can get internet access via CWA portal and can be directed to onboard with single ssid
Ise 2.2 apple mini browser works in this flow
Can provide visible guidance to the user on the BYOD process before logging in
Easier to connect to OPEN SSID then PEAP SSID on windows OS especially since setting up supplicant is sometimes an issue. Anyone can connect to OPEN SSID and open a page to login
Apple Devices require users to switch network manually
Requires Fast-SSID switching
User experience is better for iDevice users as SSID switching from OPEN to SECURED does not require user intervention
This is a unique capability of ISE where competitors like Aruba forces user to login twice while ISE can take user information from 802.1X session without asking for the user to login again to the web portal
Fast-SSID switching does not need to be enabled
Abililty to differentiate access in stages
User connects to peap and gets secured access for internet and basic connectivity to employee portals webmail, not required to onboard. Attempts access to internal resources and is asked to onboard for more security and better management of their devices using my devices portal
User has to manually launch browser (apple mini browser not suppotted in flow)
Some Windows desktop OS may have difficulty connecting to PEAP network without modifying some of the settings on the supplicant.
Dear all Does anyone face an issue with calling API to create Guest wireless accounts with Cisco ISE (we are running version 2.6 with latest patch#9).There are brilliant articles and pretty straightforward from Cisco and even here on community:https:...
Hi Team, My intention is to allow Access to webex for our domain users. I have tried the steps which shown in the below link:https://help.webex.com/en-us/article/m0jby2/Configure-a-list-of-allowed-domains-to-access-Webex-while-on-your-corporate-netwo...
We have smart licensed our cisco ise box. (ISE-2.4 release SNS3595 Medium 1200 GBHD 64 GB Ram 16 processor) But it is showing out of compliance for VM large and Release Entitlement for VM Medium and VM small. Please help me understanding this. I...
Hi legends, I'm trying to figure out a way to connect a Cisco router that has a cellular connection through a VPN. The router is on a moving vehicle and the cellular connection is behind a NAT and does not have a public IP. The basic requirement is t...