Cisco 5520 Wireless Controller Troubleshooting Guide
Wireless BYOD for FlexConnect Deployment Guide
Document ID: 113606
Contributed by Surendra BG and Ramamurthy Bakthavatchalam, Cisco
TAC Engineers.
Sep 12, 2013
Contents
Introduction
Prerequisites
Requirements
Components Used
Topology
Device Registration and Supplicant Provisioning
Asset Registration Portal
Self-Registration Portal
Authentication and Provisioning
Provisioning for iOS (iPhone/iPad/iPod)
Provisioning for Android
Dual SSID Wireless BYOD Self-Registration
Single SSID Wireless BYOD Self-Registration
Feature Configuration
WLAN Configuration
FlexConnect AP Configuration
ISE Configuration
User Experience - Provisioning iOS
Dual SSID
Single SSID
User Experience - Provisioning Android
Dual SSID
My Devices Portal
Reference - Certificates
Related Information
Introduction
Mobile devices are becoming more computationally powerful and more popular among consumers. Millions of
these devices are sold to consumers with high-speed Wi-Fi so users can communicate and collaborate.
Consumers are now accustomed to the productivity enhancement these mobile devices bring into their lives
and are seeking to bring their personal experience into the workspace. This creates the need for a
Bring Your Own Device (BYOD) solution in the workplace.
This document describes the branch deployment of the BYOD solution. An employee connects to a corporate
service set identifier (SSID) with his/her new iPad and is redirected to a self-registration portal. The Cisco
Identity Services Engine (ISE) authenticates the user against the corporate Active Directory (AD) and
downloads to the iPad a certificate with the iPad MAC address and username embedded, along with a
supplicant profile that enforces the use of Extensible Authentication Protocol-Transport Layer Security
(EAP-TLS) as the method for dot1x connectivity. Based on the authorization policy in ISE, the user can then