Cisco Cisco 5520 Wireless Controller Referencia técnica
Cisco Systems, Inc.
www.cisco.com
www.cisco.com
Wireless BYOD with Identity Services Engine
Last Updated: February 7, 2014
Release: Wireless BYOD with Identity Services Engine, Release 7.6
Introduction
Cisco Identity Services Engine (ISE) is Cisco’s next-generation policy server that provides
authentication and authorization infrastructure to the Cisco TrustSec solution. It also provides two other
critical services:
authentication and authorization infrastructure to the Cisco TrustSec solution. It also provides two other
critical services:
•
The first service is to provide a way to profile endpoint device type automatically based on attributes
Cisco ISE receives from various information sources. This service (called Profiler) provides
equivalent functions to what Cisco has previously offered with the Cisco NAC Profiler appliance.
Cisco ISE receives from various information sources. This service (called Profiler) provides
equivalent functions to what Cisco has previously offered with the Cisco NAC Profiler appliance.
•
Another important service that Cisco ISE provides is to scan endpoint compliancy; for example,
AV/AS software installation and its definition file validity (known as Posture). Cisco has been
previously providing this exact posture function only with the Cisco NAC Appliance.
AV/AS software installation and its definition file validity (known as Posture). Cisco has been
previously providing this exact posture function only with the Cisco NAC Appliance.
Cisco ISE provides an equivalent level of functionality, and it is integrated with 802.1X authentication
mechanisms.
mechanisms.
Cisco ISE integrated with wireless LAN controllers (WLCs) can provide profiling mechanisms of
mobile devices such as Apple iDevices (iPhone, iPad, and iPod), Android-based smart phones, and
others. For 802.1X users, Cisco ISE can provide the same level of services such as profiling and posture
scanning. Guest services on Cisco ISE can also be integrated with the Cisco WLC by redirecting web
authentication requests to Cisco ISE for authentication.
mobile devices such as Apple iDevices (iPhone, iPad, and iPod), Android-based smart phones, and
others. For 802.1X users, Cisco ISE can provide the same level of services such as profiling and posture
scanning. Guest services on Cisco ISE can also be integrated with the Cisco WLC by redirecting web
authentication requests to Cisco ISE for authentication.
This document introduces the wireless solution for Bring Your Own Device (BYOD), such as providing
differentiated access based on known endpoints and the user policy. This document does not provide the
complete solution of BYOD, but serves to demonstrate a simple use case of dynamic access. Other
configuration examples include using the ISE sponsor portal, where a privileged user can sponsor a guest
for provisioning wireless guest access.
differentiated access based on known endpoints and the user policy. This document does not provide the
complete solution of BYOD, but serves to demonstrate a simple use case of dynamic access. Other
configuration examples include using the ISE sponsor portal, where a privileged user can sponsor a guest
for provisioning wireless guest access.