
Allow only Corporate Mobile devices

ittechk4u1
Level 4

Hello Experts,

Could you please tell me how I can allow only corporate mobile devices on my wireless network to use internet access?

Corporate devices: Apple, Samsung, ... Windows Phone, etc.

Devices I am using to provide WLAN: Cisco WLC, ISE, Cisco AP, CA server, etc.

Thanks in advance

8 Replies

If you already have the ISE (and a CA), then you can enroll all your corporate devices to either the ISE-CA or your internal CA. These devices connect to an SSID that is configured for 802.1X/EAP and get the right to use the internet assigned by the ISE. This can be done by assigning a VLAN and filtering upstream or by assigning an ACL that you have on the WLC.

For enrolling, you could use the ISE internal BYOD workflow (if you have the proper licensing) or a mobile device management solution.

Thank you for the reply! Do you have any config guide for it? If yes, then please provide it to me.

Well, there are tons of documents and in the end you probably need to go on an ISE training or get some help from your Cisco partner. But as a starting point, here is the design guide:

https://communities.cisco.com/docs/DOC-64012#jive_content_id_BYOD

Thank you. I will try to do as per the document and let you know the status.

Hello Karsten,

How can I separate company mobile devices and personal mobile devices during the BYOD process? I would like to grant access to VLAN 10 for corporate mobile devices (Android, iPad) and grant access to VLAN 20 for personal mobile devices (Android, iPad).

You can do that by using an MDM solution and putting a trusted client certificate on the corp mobile devices and using this for authentication on the ISE. So devices with a valid corporate certificate get policy 10 and the others get policy 20.

Yes, you are right, but we don't have an MDM device.

Then you don't have many options. You somehow need to be able to differentiate the devices; the best and most secure way to do this is with an MDM solution.

