A single SSID model for a Bring Your Own Device (BYOD) deployment requires a centralized policy and access control engine to differentiate between various users and device types connecting to the same network name. The Cisco Identity Services Engine (ISE) is the required technology for this function. ISE acts as a RADIUS server and policy decision point, using context such as user identity, device type, and security posture to dynamically assign specific network access policies, such as VLANs or Access Control Lists (ACLs). This allows administrators to securely segment corporate, guest, and personal devices while maintaining a simplified user experience with a single SSID.

A. mobility service engine: The MSE is primarily used for location-based services (CMX) and wireless intrusion prevention (wIPS), not for core identity and policy enforcement for BYOD.

B. wireless control system: WCS is an obsolete network management platform that has been replaced by Cisco Prime Infrastructure and lacks the advanced policy capabilities of ISE.

D. Prime Infrastructure: This is a network management tool for configuration, monitoring, and troubleshooting. It does not perform the dynamic, context-aware policy enforcement, which is the role of ISE.

1. Cisco

"BYOD Design Guide (CVD)": In the chapter on BYOD Architecture

the guide states

"Cisco Identity Services Engine (ISE)—A context-aware security policy platform that enables an enterprise to enforce security policy for all users and devices that are seeking access to the network." It further explains that for a single-SSID design

ISE is used to differentiate devices and apply the appropriate policy. (Reference: BYOD Design Guide

Chapter 2

"BYOD Architecture

" section "Solution Components").

2. Cisco

"Identity Services Engine (ISE) Administrator Guide": The documentation details how ISE is the central component for creating and enforcing security and access policies for endpoints connecting to the organization's network. This is the fundamental requirement for a single-SSID BYOD model. (Reference: Cisco Identity Services Engine Administrator Guide

Release 3.0

Chapter: "Cisco ISE Overview

" section "Cisco ISE Functions").

3. Cisco

"Enterprise Mobility 4.1 Design Guide": This guide explicitly recommends the single-SSID design for BYOD and identifies ISE as the key component. It states

"The single SSID design is the recommended design for BYOD... The Cisco ISE is able to differentiate between a corporate-owned device and a personal device and apply the appropriate policy." (Reference: Enterprise Mobility 4.1 Design Guide

Chapter: "Solution Components

" section "Cisco Identity Services Engine").