ISE 1.2 for Wireless BYOD and Posture

fatalXerror · ‎07-02-2015

Hi Experts,

Good Day!

Is it possible in ISE to have wireless BYOD and posturing enabled at the same time and for using only a single SSID?

Thanks.

nspasov · ‎07-02-2015

Hi Nikko,

Yes, as long as you have a controller that runs a version of code that supports CoA (Change of Authorization) which happened after version 7.2.

It will be all about building your rules in ISE. You can configure it so the posture happens before or after BYOD on-boarding.

I hope this helps!

Thank you for rating helpful posts!

fatalXerror · ‎07-03-2015

Hi Neno,

Good Day!

Thanks for the great feedback.

I would like also to ask about DACL. I'm a bit confused on how to use it.

I have a design for departmental access for wirless, will DACL be able to work with this design or I should use Airespace ACL? The thing with Airespace ACL is that I will configure the ACL in the WLC right?

Thanks,

niks

nspasov · ‎07-06-2015

Hi Nikko-

The new converged access (3850s, 4510-sup-8) do support DACLs. However, the traditional AIR OS (WLC 5508, 2504, etc) does not!

As a result, you would have to configure the Airspace ACLs on the controllers and then reference those in the "Authorization Profiles" in ISE.

Take a look at the link below for more info and some configuration examples:

http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Borderless_Networks/Unified_Access/BYOD_Design_Guide/BYOD_Wireless.html

I hope this helps!

Thank you for rating helpful posts!