I received request on depicting some of the ISE flows and therefore providing a collection that I compiled a while back. Some of the terms and use cases may be a bit dated, but core information still valid and hopefully useful to others.
IEEE 802.1X -Port-based Access Control with Authentication
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32207i7BE94DB4ABD44C8E/image-size/large?v=v2&px=999)
IEEE 802.1X with Change of Authorization (CoA)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32208i7A8C469B1DEC862A/image-size/large?v=v2&px=999)
MAC Authentication Bypass (MAB)
Non-802.1X capable devices and no “user intelligence” behind
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32209i817AD969D6C83DA8/image-size/large?v=v2&px=999)
Local Web Authentication (LWA) Session Flow
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32210iB2D66F4EC6AAD097/image-size/large?v=v2&px=999)
Wireless Local Web Auth (LWA) Configuration
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32211iCC5A604CD8197FC2/image-size/large?v=v2&px=999)
Wired LWA Config
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32212i595E049BCACD56FC/image-size/large?v=v2&px=999)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32213i624546A1DD83272C/image-size/large?v=v2&px=999)
Web Authentication
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32214iFFEB96DA17E5FADF/image-size/large?v=v2&px=999)
CWA – Session Flow
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32215i97E066D648EEF6C4/image-size/large?v=v2&px=999)
Wireless CWA Config
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32216i8260D7E36793E67F/image-size/large?v=v2&px=999)
Wired CWA Config
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32217iC1C68C29FE2171D6/image-size/large?v=v2&px=999)
Central Web Authentication (CWA) with ISE
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32218i918195B7EECC9346/image-size/large?v=v2&px=999)
dACL + URL-Redirect for CWA
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32219i330A9DB018E1B7CD/image-size/large?v=v2&px=999)
Sample ACLs for CWA Redirection
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32220iD4D0399F55B68058/image-size/large?v=v2&px=999)
Wired Device Registration Web Auth (DRW) Flow
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32221iFD6358B94A144203/image-size/large?v=v2&px=999)
Wired CWA Config
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32222i5D979C832017187D/image-size/large?v=v2&px=999)
Wireless CWA Config
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32223iC8330E43911D3FD1/image-size/large?v=v2&px=999)
Wireless DRW Flow
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32224i14E0C1EAA9C85692/image-size/large?v=v2&px=999)
Example of Profiling Flow with Multiple Probes
SNMP Query, SNMP Trap, RADIUS, DHCP Helper
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32225i6E0B161AF06B8E0D/image-size/large?v=v2&px=999)
Profiling without Probes
Direct Profiling using Client Provisioning (Posture Agent or NSP)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32226iA7006A2CCC937C62/image-size/large?v=v2&px=999)
Probeless Profiling
Wireless 802.1X with Posture Example
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32227i92A14C7F84B85791/image-size/large?v=v2&px=999)
802.1X End User Authentication with Posture
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32228i29E46A61629B712A/image-size/large?v=v2&px=999)
802.1X End User Authentication with Posture
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32229iA0B7F1CE339D7173/image-size/large?v=v2&px=999)
Adding Posture to the Authorization Policy
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32230i2AD3DD27B20838E2/image-size/large?v=v2&px=999)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32231i8A45A9E8009D9569/image-size/large?v=v2&px=999)
BYOD Authorization Policy
Single SSID – Employee using PEAP
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32232i02A4CBA4A40322C0/image-size/large?v=v2&px=999)
Dual SSID – Employee using CWA
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32233iEACCDBB42E52C55C/image-size/large?v=v2&px=999)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32234i340A2557AA56AB39/image-size/large?v=v2&px=999)
Dual SSID – Guest using CWA
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32235i690680D7883D7B51/image-size/large?v=v2&px=999)
Dual SSID – Select Employees using CWA
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32236i24F0036C72D7E0B5/image-size/large?v=v2&px=999)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32237i52ADA2ADD5245553/image-size/large?v=v2&px=999)
Post-Supplicant Provisioning
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32238iEEE2BB10B4FD67A0/image-size/large?v=v2&px=999)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32239iB2F826A5F56444C1/image-size/large?v=v2&px=999)
Native Supplicant Provisioning (iOS Scenario)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32240i32FCF860F9BE6E66/image-size/large?v=v2&px=999)
Native Supplicant Provisioning (Android Scenario)
![image.png image.png](https://community.cisco.com/t5/image/serverpage/image-id/32241i0621A23D5103A93F/image-size/large?v=v2&px=999)