03-02-2012 10:47 AM
HI,
Is there any document on BYOD solution? I would like to configure profiles limiting users with BYOD. I am looking for a configuration guide or samples.
Thanks,
03-02-2012 12:10 PM
Not with the ASA.
You're going to have to look into NAC or ISE.
There are also many non-Cisco products available for control and management of personal wireless devices.
Ven
03-02-2012 12:26 PM
Hi,
Thanks for the quick response. Can we configure a group policy and a profile and filter from there ?
can we do it as just a vpn users group with more restrictions? we are a cisco shop and we try to use what we have now.
03-02-2012 12:30 PM
ISE is the full-featured solution for such protection moving forward. However, depending on how you use your ASA in your environment, you may be able to use CSD and DAP for this. Have a look at the nice video demonstrating the feature:
http://www.youtube.com/watch?v=z9ouB8oL6ys&list=WL44B25C44727D4C03&index=1&feature=plpp_video
Hope this helps.
03-09-2012 05:57 AM
Marvin:
Great video. I see where this could apply in a remote access vpn solution, but what about wireless. Can you think of any ways to integrate this solution into wireless access? I'm just thinking out loud, but maybe create a vendor ssid / controller interface that routes to the ASA for authentication and access into the network.
Does CSD support any other OS besides windows, mac, and linux?
Ven
03-09-2012 07:30 AM
Wireless and other scenarios are where the ISE solution comes to the fore. It does profiling and posture assessment etc.
CSD only supports Windows, OS X and Linux. Reference. What other OS did you have in mind?
03-10-2012 02:45 AM
BYOD 2.0
Below is a link to the recently published Cisco BYOD 2.0 White Paper:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/byodwp.html
Also, be on the lookout for the official BYOD 2.0 launch coming in March!
BYOD 1.0
BYOD design guide v1.0 published last year (does not include ISE) has some pertinent info around certificate authentication and remote access VPN.
BYOD Design Guide 1.0:
http://www.cisco.com/en/US/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/Unified_Access_Book.html
Sent from Cisco Technical Support iPad App
03-22-2012 04:28 AM
There seems to little information around for BYOD from Cisco from what I can see so far.
I'm thinking about using ISE for management and some WLC's on the Internet DMZ with NAC boxes. Using NAC for user pages/dhcp scope like a Guest NAC Server.
Can the ISE do what the Clean Access Lite Manager can do? Manage remote NAC's, control user pages, dhcp scope, mac filtering, ip filtering etc?
My proposal for BYOD internet
SSID for BYOD
MAC filtering (done on ISE if possible)
Internal WLC's with a mobility anchor to Internet DMZ WLC
DMZ NAC (guest type server?)
ISE to manage DMZ NAC like Clean Lite access mrg if possible
to allow limited connectivity like good.com
I need to get Cisco in the office, but any recommendations would be helpful.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: