Monday, March 22, 2021

Cisco ISE with Open WiFi Authentication

Bit of a Cisco ISE and WiFi noob,

Does anyone know if it is possible to have Cisco ISE authenticate a device access to an SSID without been prompted for a username/password, and also without any client based authentication?

A client wants to have some OT devices connect to a hidden SSID without any user intervention, but to use ISE profiling for dynamic VLAN assignment.

My understanding so far is that this is not possible. EAP seems to be the trigger to direct SSID authentication to ISE in which either a username/password or certificate has to be used to authenticate before hitting the authorization policy where the device profiling/dynamic VLAN assignment happens.

If someone can confirm my theory or have a potential solution, that would be a great help.

Thanks



No comments:

Post a Comment