collapse

Search


User Info

 
 
Welcome, Guest. Please login or register.
Did you miss your activation email?
« previous next »
Pages: [1]

Author Topic: Byod with ACS 5.4  (Read 4965 times)

Offline renton2001

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: CCNA
Byod with ACS 5.4
« on: November 29, 2013, 12:38:25 PM »
Hi
 There is a way to restrict a SSID to smarthphone only with ACS 5.4?
Thank you

Logged

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 400
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Byod with ACS 5.4
« Reply #1 on: November 29, 2013, 11:25:12 PM »
Since ACS does not support device profiling, there is not really a way to build the authorization policy based on the device type like ISE. The best you can do is probably restrict base on MAC addresses but that might not be practical and susceptible to AMC spoofing.
Logged

Offline oldshield

  • Cisco Newbie
  • *
  • Posts: 1
  • Reputation: 0
  • Certification: N/A
Re: Byod with ACS 5.4
« Reply #2 on: April 27, 2015, 02:31:04 PM »
I'm using acs 5.5. I know I can not do profiling in acs, but what about checking for a cert?

I have a byod environment for VIP users which used Ad credentials and a filter for the ssid of that network. my problem is since they are using their Ad credentials to authenticate, I need to allow them to use company assets on the trusted network but disallow personal device on the inside network. Was wondering if there was a fied in AD I could use for checking if it is a domain device or not.
Logged

Offline MC

  • Global Moderator
  • Cisco Guru
  • *****
  • Posts: 400
  • Reputation: 606
  • CCIE x3 (RS,Sec,SP)
  • Certification: CCIE
Re: Byod with ACS 5.4
« Reply #3 on: April 27, 2015, 11:32:55 PM »
You are not allowed to view links. Register or Login
I'm using acs 5.5. I know I can not do profiling in acs, but what about checking for a cert?

I have a byod environment for VIP users which used Ad credentials and a filter for the ssid of that network. my problem is since they are using their Ad credentials to authenticate, I need to allow them to use company assets on the trusted network but disallow personal device on the inside network. Was wondering if there was a fied in AD I could use for checking if it is a domain device or not.

If the devices are Windows computers, you can use PEAP with machine authentication to check for domain computer. Anything else other than that, you are pretty much limited to using certificate. Hopefully you have a MDM platform in place to allow device onboarding and certificate distribution.
Logged
Pages: [1]
« previous next »
 

Related Topics

  Subject / Started by Replies Last post
1 Replies
9825 Views 		Last post March 17, 2014, 09:55:04 PM
by MC
1 Replies
11653 Views 		Last post November 19, 2014, 07:18:45 PM
by dong
8 Replies
14510 Views 		Last post May 11, 2016, 04:30:18 AM
by MC
1 Replies
5946 Views 		Last post January 02, 2018, 04:54:56 AM
by MC
1 Replies
11854 Views 		Last post December 15, 2020, 02:06:56 AM
by JarvisDashiell

SimplePortal 2.3.7 © 2008-2024, SimplePortal