You are here
SEC0052 - ISE 1.1 BYOD (Part 3) - Wireless Onboarding Single SSID Testing
Difficulty Level:
Lab Document:
<Please login to see the content>
Category:
Security
This Cisco ISE BYOD mini video series demonstrates device onboarding process for users to connect their personal devices to a corporate network as part of Bring Your Own Device (BYOD) concept. We will be covering both wired and wireless access using Windows 7, iPhone, and Android as client devices. Relevant authentication, authorization, and client provisioning policies will be presented. We will also looks at how users can manage their own devices through the My Devices Portal.
In part 3, we test onboarding process to verify our configuration completed in part 2 using Windows 7, iPhone, and Android devices.
Topic:
- SCEP CA Profile
- Device Registration
-
Policy Element Condition
- Authorization (Compound Condition)
-
Policy Element Result
-
Authorization (Authorization Profile)
- Web Authentication (CWA)
- Airspace ACL
- Client Provisioning (Native Supplicant Profile)
-
Authorization (Authorization Profile)
- Authentication Policy
- Authorization Policy
- Client Provisioning Policy
- My Devices Portal
- Device Blacklist
Notes:
- SSID 1: Internal SSID with WPA Enterprise
- Users authenticate through PEAP to register device and download profile
- Users authenticate through EAP-TLS to gain network access
-
ISE acts as SCEP proxy and request certificate on user behalf with the following attributes
- CN = Username used in authentication
- Subject Alternative Name = Client MAC address
About Author
Metha Chiewanichakorn, CCIE#23585 (Ent. Infra, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at labminutes.com, Metha enjoys learning and challenges himself with new technologies.