You can configure Cisco ISE to interoperate with one or more external Mobile Device Manager (MDM) servers. In the following illustration, Cisco ISE is the enforcement point and the MDM policy server is the policy information point.Ĭisco ISE obtains data from the MDM server to provide a complete solution. Network over VPN via Cisco An圜onnect 4.1 and Cisco Adaptive Security Appliances 9.3.2 or later. This allows you to route differentĮndpoints to different MDM servers based on device factors such as location orĬisco ISE also integrates with MDM servers using the Cisco MDM Server Info API, Version 2, to allow devices to access the You can run multiple active MDM servers on your network, Cisco ISE queries the MDM servers for the necessary deviceĪttributes to create ACLs that provide network access control for those devices. Granular access to endpoints based on access control lists (ACL). However, the network is the only entity that can provide MDM servers act as a policy server that controls the use of some applications on a mobileĭevice (for example, an email application) in the deployed environment. Mobile Device Management (MDM) servers secure, monitor, manage, and support mobile devices deployed across mobile operators, Mobile Device Manager Interoperability with Cisco ISE
Set Up Mobile Device Management Servers with Cisco ISE.Mobile Device Management Integration Process Flow.Ports Used by the Mobile Device Management Server.Supported Unified Endpoint Management and Mobile Device Management Servers.
Supported Mobile Device Management Use Cases.Monitoring and Troubleshooting Service in Cisco ISE.Enable Your Switch to Support Standard Web Authentication.Configure Client Provisioning in Cisco ISE.Mobile Device Manager Interoperability with Cisco ISE.Personal Devices on a Corporate Network (BYOD).
I always prefer to configure Maximum Privilege as 15 because we have already configured command sets for access restrictions Work Centers > Device Administration > Policy Elements > Results > TACACS Profiles Check the box under Commands ‘Permit any command that is not listed below’ and don’t add any commandĪnother command set is created that allows only show commands. Click Addįor example, we have created ‘CMD-SET ALL ALLOWED’, which allows all commands. Navigate to Work Centers > Device Administration > Policy Elements > Results > TACACS Command Sets. Same thing can be done under Work Centers > Network Access or Work Centers > Guest Access. In our case, only network admin users are internal.Īdministration > Identity Management > Identities > Users. Configure Radius/TACACS+.Ĭreate internal users. Provide Name & IP address of Network device to be added. We can group devices based on type or location.ĭevice Administration > Network Resources > Network Device Groupsĭevice Administration > Network Resources > Network Devices. Under General Setting, check the box ‘Enable Device Admin Service’. Navigate to Administration > System > Deployment > For Device Administration on ISE perform following tasks: