My quick analysis on why you would want to use Dual or Single SSID for ISE BYOD Device Onboarding (Native Supplicant and Certificate Provisioning)
Using employee creds, Employee can go directly through onboarding using CWA portal
Or another option for internet access only:
Using employee creds, Employee can get internet access via CWA portal and can be directed to onboard with single SSID
ISE 2.2 Apple mini browser works in this flow
Can provide visible guidance to the user on the BYOD process before logging in
Easier to connect to an OPEN SSID than a PEAP SSID on Windows OS, especially since setting up the supplicant is sometimes an issue. Anyone can connect to the OPEN SSID and open a page to log in
Apple Devices require users to switch network manually
Requires Fast-SSID switching
User experience is better for iDevice users as SSID switching from OPEN to SECURED does not require user intervention
This is a unique capability of ISE: competitors like Aruba force the user to log in twice, while ISE can take user information from the 802.1X session without asking the user to log in again to the web portal
Fast-SSID switching does not need to be enabled
Ability to differentiate access in stages
User connects to PEAP and gets secured access for internet and basic connectivity to employee portals and webmail, and is not required to onboard. When the user attempts access to internal resources, they are asked to onboard for more security and better management of their devices using the My Devices portal
User has to manually launch browser (Apple mini browser not supported in this flow)
Some Windows desktop OS may have difficulty connecting to PEAP network without modifying some of the settings on the supplicant.