Solved: BYOD without ISE?

EvaldasOu · ‎05-14-2013

Hi guys,

Can you suggest any other products/solutions if ISE is just too much expensive or just does not scale?

For example if we have 5-10 APs and we want to use BYOD services, use secure EAP-TLS tunnel on our WiFi network. How to get yours iPad secure?

Scott Fella · ‎05-14-2013

Just use radius... You can use either Microsoft Radius or even ACS to do EAP-TLS or any EAP type security. I use PEAP because I don't want to install a cert on my iPad:). Radius would tie into AD and you can set your policies there. You will not have any profiling, so radius will not know what device is what. That is what ISE does.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

View solution in original post

Scott Fella · ‎05-14-2013

Just use radius... You can use either Microsoft Radius or even ACS to do EAP-TLS or any EAP type security. I use PEAP because I don't want to install a cert on my iPad:). Radius would tie into AD and you can set your policies there. You will not have any profiling, so radius will not know what device is what. That is what ISE does.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

EvaldasOu · ‎05-14-2013

Thank you Scott! As always!

Scott Fella · ‎05-14-2013

No problem... If you are a Microsoft shop it would be cheaper to just bring up a new Microsoft radius server or add the IAS/NPS role to an existing server.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***