My quick analysis on why you would want to use Dual or Single SSID for ISE BYOD Device Onboarding (Native Supplicant and Certificate Provisioning)
Using employee creds, Employee can go directly through onboarding using CWA portal
Or another option for internet access only:
Using employee creds, the employee can get internet access via the CWA portal and can be directed to onboard with single SSID
ISE 2.2 Apple mini browser works in this flow
Can provide visible guidance to the user on the BYOD process before logging in
Easier to connect to an OPEN SSID than a PEAP SSID on Windows OS, especially since setting up the supplicant is sometimes an issue. Anyone can connect to the OPEN SSID and open a page to log in
Apple Devices require users to switch network manually
Requires Fast-SSID switching
User experience is better for iDevice users as SSID switching from OPEN to SECURED does not require user intervention
This is a unique capability of ISE: competitors like Aruba force the user to log in twice, while ISE can take user information from the 802.1X session without asking the user to log in again to the web portal
Fast-SSID switching does not need to be enabled
Ability to differentiate access in stages
User connects to PEAP and gets secured access for internet and basic connectivity to employee portals, webmail, and is not required to onboard. When the user attempts access to internal resources, they are asked to onboard for more security and better management of their devices using the My Devices portal
User has to manually launch a browser (Apple mini browser not supported in this flow)
Some Windows desktop OS may have difficulty connecting to PEAP network without modifying some of the settings on the supplicant.