i am working on a solution to provide internet(only) to our Scanners Android based.
we have WLC 5520 and ISE for integration. My solution was to configure L2 auth with PSK, since its only internet as we are separating form our internal network (similar to guest WLAN solution)
But we are also working to find if there is any cert based auth on scanners. i dont want to connect these scanners to AD and access internal network.
Please help me with the traffic flow if there is any solution.
is it an option to install a non-windows-based PKI?
be aware using certificates may have some impact on battery time.
depending on the implementation on the device type it may need more CPU processing and use more power from the battery
you will have to first check if the scanners support certificate based authentication ?
Even if you did user/password (AD) based authentication, the scanners will never talk to AD directly, they will only talk to controller, controller will talk to ISE and ISE will talk to AD for identity verification.
you can choose to create a new AD group for scanners only and create a internet only authorization
Yes you can, there are many guides for EAP-TLS deployment with ISE, here is a new one to get started.
I would recommend building this in a test lab and do all testings.