Cisco Cisco Identity Services Engine 1.3 작동 가이드
安全访问操作指南
Android_SingleSSID = This Authorization Rule is added for Android devices since they require to
download the Cisco Network Setup Assistant to complete the provisioning. The rule is specific to
Single SSID setup. Once the Android device hits the “Register” button during device registration,
ISE sends a Re-Auth COA to the controller. When the Android connects back to the network the
session ID remains same since COA issued from ISE was Ra-Auth and NOT Session Terminate. ISE then
applies the NSP_Google permission to continue with the provisioning process
Android_DualSSID = This Authorization Rule is added for Android devices since they require to
download the Cisco Network Setup Assistant to complete the provisioning. The rule is specific to
Dual SSID setup. Once the Android device hits the “Register” button during device registration,
ISE sends a Re-Auth COA to the controller. When the Android connects back to the network the
session ID remains same since COA issued from ISE was Ra-Auth and NOT Session Terminate. ISE then
applies the NSP_Google permission to continue with the provisioning process
CWA = Authorization rule added for Central Web Authentication.
NSP = This Authorization Rule is added for devices which will go through the BYOD supplicant and
certificate provisioning flows when coming over Corporate Wireless SSID using 802.1x using
protocol MSCHAPV2.
PERMIT = Devices which have completed BYOD Supplicant and Certificate provisioning, with a
certificate using EAP-TLS for authentication and coming over Corporate Wireless SSID will fall
under this Authorization Policy.
Default = Default Authorization Policy set as Deny Access.
© 2015 思科系统公司
第
31 页