Cisco Support Community

New Member

ISE 1.2: Employee with personal device registration

Hi experts,
I'm aware of this discussion

but looking for a detailed configuration to get the following to work:
Employees have access to the network with their corporate devices. No problem.
Now employees need to be able to use their own mobile devices to get access. There is no definition of what devices are allowed.
I guess to let employees register their private devices with MAC address on MyDevice portal would be the most sufficient solution.
Does anyone have a detailed configuration or link how to achieve that?





Accepted Solutions
Cisco Employee

Please refer to the link: http:/

Cisco Employee

Having BYOD access be based on MAC address only is not really ideal and also not secure. A MAC address can easily be spoofed and consequently your security policy can be bypassed. If you have a PKI environment you can take the EAP-TLS with SCEP approach:

If you don't have a PKI environment and don't want to mess with certificates you can still use a more secure method than MAC addresses. For instance, you can perform PEAP user authentication. You can create a "special" BYOD AD group and place the authorized users there. Then they can use their AD credentials to authenticate. In the authorization policy you can limit the access for those types of authentications via dACLs (switches) or named access lists (WLCs).

Hope this helps!


Thank you for rating helpful posts!
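As an added illustration of the dACL restriction suggested in the reply above (not configuration from this thread or from Cisco documentation), the content of a downloadable ACL attached to the authorization result for the BYOD AD group could look like the following. All addresses are constructed placeholders and the access policy itself is an assumption; lines starting with `!` are annotations for the reader, not ACL entries.

```cisco
! Constructed example: dACL content for PEAP-authenticated members of the BYOD AD group.
! The source is always "any"; the switch substitutes the endpoint's IP address on download.
!
! Let the device obtain and renew its address
permit udp any eq bootpc any eq bootps
! Name resolution against one internal resolver only (placeholder 10.10.10.53)
permit udp any host 10.10.10.53 eq domain
! One internal HTTPS service the BYOD users need (placeholder 10.10.20.25)
permit tcp any host 10.10.20.25 eq 443
! Block everything else in internal (RFC 1918) address space
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
! Remaining traffic, i.e. internet access
permit ip any any
```

The permits for the internal resolver and service must come before the RFC 1918 denies, because the entries are evaluated top down and the first match wins.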
New Member

Hi Neno,

Thanks for taking the time to answer. (Un)fortunately, PKI/certificates are not an option at the moment.

I like your second suggestion, but the idea Mohana referred to via the link seems to be even easier.

Starting from page 18-4, the example shows a very simple way to achieve my goal with minimum configuration effort. One of the major drawbacks I can see in this example is that an employee could use this AuthZ for access with a corporate device too.




