Cisco Cisco Identity Services Engine 1.3 작동 가이드

安全访问操作指南

Android_SingleSSID = This Authorization Rule is added for Android devices since they require to

download the Cisco Network Setup Assistant to complete the provisioning. The rule is specific to

Single SSID setup. Once the Android device hits the “Register” button during device registration,

ISE sends a Re-Auth COA to the controller. When the Android connects back to the network the

session ID remains same since COA issued from ISE was Ra-Auth and NOT Session Terminate. ISE then

applies the NSP_Google permission to continue with the provisioning process

Android_DualSSID = This Authorization Rule is added for Android devices since they require to

download the Cisco Network Setup Assistant to complete the provisioning. The rule is specific to

Dual SSID setup. Once the Android device hits the “Register” button during device registration,

ISE sends a Re-Auth COA to the controller. When the Android connects back to the network the

session ID remains same since COA issued from ISE was Ra-Auth and NOT Session Terminate. ISE then

applies the NSP_Google permission to continue with the provisioning process

CWA = Authorization rule added for Central Web Authentication.

NSP = This Authorization Rule is added for devices which will go through the BYOD supplicant and

certificate provisioning flows when coming over Corporate Wireless SSID using 802.1x using

protocol MSCHAPV2.

PERMIT = Devices which have completed BYOD Supplicant and Certificate provisioning, with a

certificate using EAP-TLS for authentication and coming over Corporate Wireless SSID will fall

under this Authorization Policy.

Default = Default Authorization Policy set as Deny Access.

第

31 页