collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?

Author Topic: Byod with ACS 5.4  (Read 19009 times)

Offline renton2001

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: CCNA
Byod with ACS 5.4
« on: November 29, 2013, 12:38:25 PM »
Hi
 There is a way to restrict a SSID to smarthphone only with ACS 5.4?
Thank you


Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Byod with ACS 5.4
« Reply #1 on: November 29, 2013, 11:25:12 PM »
Since ACS does not support device profiling, there is not really a way to build the authorization policy based on the device type like ISE. The best you can do is probably restrict base on MAC addresses but that might not be practical and susceptible to AMC spoofing.

Offline oldshield

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: N/A
Re: Byod with ACS 5.4
« Reply #2 on: April 27, 2015, 02:31:04 PM »
I'm using acs 5.5. I know I can not do profiling in acs, but what about checking for a cert?

I have a byod environment for VIP users which used Ad credentials and a filter for the ssid of that network. my problem is since they are using their Ad credentials to authenticate, I need to allow them to use company assets on the trusted network but disallow personal device on the inside network. Was wondering if there was a fied in AD I could use for checking if it is a domain device or not.

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 401
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Byod with ACS 5.4
« Reply #3 on: April 27, 2015, 11:32:55 PM »
You are not allowed to view links. Register or Login
I'm using acs 5.5. I know I can not do profiling in acs, but what about checking for a cert?

I have a byod environment for VIP users which used Ad credentials and a filter for the ssid of that network. my problem is since they are using their Ad credentials to authenticate, I need to allow them to use company assets on the trusted network but disallow personal device on the inside network. Was wondering if there was a fied in AD I could use for checking if it is a domain device or not.

If the devices are Windows computers, you can use PEAP with machine authentication to check for domain computer. Anything else other than that, you are pretty much limited to using certificate. Hopefully you have a MDM platform in place to allow device onboarding and certificate distribution.

 

Related Topics

  Subject / Started by Replies Last post
1 Replies
21626 Views
Last post March 17, 2014, 09:55:04 PM
by MC
1 Replies
56591 Views
Last post November 19, 2014, 07:18:45 PM
by dong
8 Replies
34915 Views
Last post May 11, 2016, 04:30:18 AM
by MC
1 Replies
34134 Views
Last post January 02, 2018, 04:54:56 AM
by MC
1 Replies
58194 Views
Last post December 15, 2020, 02:06:56 AM
by JarvisDashiell

SimplePortal 2.3.7 © 2008-2024, SimplePortal