View Cart
0 Items | Total: US$0.00
Welcome,      Register

You are here

SEC0053 - ISE 1.1 BYOD (Part 4) - Wireless Onboarding Dual SSID

Average: 5 (1 vote)
Difficulty Level: 
Lab Document: 
<Please login to see the content>

This Cisco ISE BYOD mini video series demonstrates device onboarding process for users to connect their personal devices to a corporate network as part of Bring Your Own Device (BYOD) concept. We will be covering both wired and wireless access using Windows 7, iPhone, and Android as client devices. Relevant authentication, authorization, and client provisioning policies will be presented. We will also looks at how users can manage their own devices through the My Devices Portal.

In part 4, we focus on device onboarding on wireless network with dual SSID
  • SCEP CA Profile
  • Device Registration
  • Policy Element Condition
    • Authorization (Compound Condition)
  • Policy Element Result
    • Authorization (Authorization Profile)
      • Web Authentication (Supplicant Provisioning)
      • Airspace ACL
    • Client Provisioning (Native Supplicant Profile)
  • Authentication Policy
  • Authorization Policy
  • Client Provisioning Policy
  • My Devices Portal
  • Device Blacklist
  • SSID 1: Onboarding SSID with Open authentication (MAC Filtering)
  • SSID 2: Internal SSID with WPA Enterprise (potentially hidden)
  • Users authenticate through wireless MAB to register device and download profile
  • Users authenticate through EAP-TLS to gain network access
  • ISE acts as SCEP proxy and request certificate on user behalf with the following attributes
    • CN = Username used in authentication
    • Subject Alternative Name = Client MAC address

About Author

Metha Cheiwanichakorn, CCIE#23585 (RS, Sec, SP), is a Cisco networking enthusiast with years of experience in the industry. He is currently working as a consulting engineer for a Cisco partner. As a founder of and an instructor at, Metha enjoys learning and challenges himself with new Cisco technologies.