I wanna set up a Cisco ISE 1.2.1 solution for my wireless users. The solution will have 2 SSIDs.
This will be used with the guest portal and self-registration portal for guests. A dedicated VLAN or dACL will be applied.
This will be used for all corporate devices with corporate machine certificates (EAP-TLS). A corporate dACL will be applied (permit ip any any).
This will also be used for BYOD devices. All devices that don't have a corporate machine certificate need to authenticate by PEAP and MSCHAPv2. The device will go through the self-provisioning process and get a BYOD certificate from a dedicated BYOD CA server by SCEP. A dACL will be applied that only gives access to the internet.
I wanna hear about your experiences with this kind of setup. Pros and cons. What do you think?