

Network Security
Strengthening BYOD Security and Network Visibility with Cisco ISE
Client
Manufacturing Industry
Industry
Manufacturing
Year
Duration
3 Weeks
(01)
Project overview.
A furniture manufacturing corporation needed a secure and scalable way to support Bring Your Own Device access for employees, guests, and authorized contractors across multiple locations. The company wanted to improve endpoint compliance, strengthen wired and wireless security, and gain better visibility into network activity.
PM2 NET assessed the company’s existing Cisco wireless infrastructure and designed a Cisco Identity Services Engine solution to improve access control, endpoint profiling, segmentation, policy enforcement, and network visibility. By deploying Cisco ISE with high availability and policy-based access controls, PM2 NET helped the company support BYOD flexibility while protecting internal resources.
Client Background
The client is a furniture manufacturing corporation founded in 1996 and based in Cypress, California. The company designs, manufactures, and distributes seating solutions for business, healthcare, government, and education markets.
The organization serves customers through commercial furniture dealers and operates across six locations, including warehouses and corporate offices in Cypress, Tech Center, Olympus, Buena Park, Mexico, and La Mirada.
As the company expanded across multiple locations, secure and centralized network access became increasingly important for employees, guests, contractors, and connected devices.


(02)
Challenge.
Bring Your Own Device Access
The company wanted employees to use personal devices to work more flexibly from different locations. It also wanted guests and authorized contractors to connect to the network using their own devices.
While BYOD could improve productivity, collaboration, and user satisfaction, it also introduced security risks. Personal laptops, phones, and tablets are more difficult to manage than corporate-owned devices and may expose the enterprise network to unauthorized access, malware, viruses, or data compromise.
The company needed a solution that would allow BYOD access without putting valuable business systems and internal resources at risk.
Endpoint Compliance
Endpoint threats were a major concern. Personal devices and unmanaged systems could contain outdated software, missing patches, malware, or other vulnerabilities.
The organization needed a security platform that could help validate endpoints, enforce policies, and adapt as threats evolved. The goal was to ensure that only trusted and properly authorized devices could access appropriate network resources.
Visibility Across Wired and Wireless Networks
The company also needed stronger visibility across its wired and wireless environments. With multiple corporate offices, warehouses, and operational sites, it was difficult to detect, monitor, and manage potential threats consistently.
The client needed a centralized management solution that could identify users and devices, enforce access policies, monitor authentication activity, and support security decisions across multiple locations.
(03)
Result.
PM2 NET began by assessing the company’s existing network infrastructure, including its Cisco wireless LAN controllers. The client’s main goals were to improve security, increase control, and deploy a solution that could scale across its locations.
PM2 NET recommended Cisco Identity Services Engine, commonly known as Cisco ISE, as the foundation for the company’s secure access strategy.
Design and Discovery
PM2 NET conducted a design session to understand the company’s existing infrastructure, network systems, access requirements, and security goals. The engineering team reviewed how Cisco ISE could be integrated into the current environment without disrupting business operations.
After completing a walkthrough of the environment, PM2 NET proposed deploying two Cisco ISE nodes for high availability. This design helped ensure continued operation if one node failed.
The proposed Cisco ISE deployment incorporated three key personas:
Administration
Monitoring
Policy
This structure provided centralized control, visibility, and policy enforcement for both wired and wireless access.
Monitoring Mode and Traffic Analysis
PM2 NET first deployed Cisco ISE in monitoring mode. This allowed the team to observe incoming network traffic and better understand user behavior, device types, authentication patterns, and access requirements.
This monitoring phase was critical because it gave PM2 NET and the client’s IT team the information needed to tune policies before enforcement. By analyzing the traffic, PM2 NET could determine which devices belonged to employees, guests, contractors, printers, scanners, and other endpoint categories.
Network Segmentation and Policy Tuning
After gaining visibility into the environment, PM2 NET moved into a tuning period. During this phase, the team prepared the environment for segmentation and policy enforcement.
One of the key recommendations was to separate network access based on user and device type. For example, guest users would be placed on a guest VLAN with internet-only access and no access to enterprise databases or internal systems.
This segmentation helped reduce risk by ensuring that users and devices only received the level of access required for their role.
Enforcement Mode
Once the policies were tuned, PM2 NET configured Cisco ISE in enforcement mode. This allowed the company to actively enforce network access policies, including guest credentials, guest SSID access, device classification, and user-based authorization.
PM2 NET configured four SSIDs to support different access requirements:
Corporate users: Full network access to internal resources
Guests: Internet access only, with no internal resource access
Devices: Access for agentless devices such as scanners and printers that do not support 802.1X
Contractors: Internet access and limited access to approved internal resources, such as printers and scanners
This model allowed the company to support multiple access scenarios without exposing sensitive internal systems to unnecessary risk.
Wired Device Security
PM2 NET also addressed wired network security. The company needed protection not only for wireless users but also for individuals or devices connecting through switches.
Cisco ISE supported this requirement through TACACS+, helping manage authentication, authorization, and accounting for wired network devices. This gave the IT team greater control over administrative access and improved accountability across the wired infrastructure.
The Result
PM2 NET helped the company deploy a robust network access control solution that improved endpoint security, user visibility, network segmentation, and BYOD control.
With Cisco ISE, the company gained the ability to identify who was connecting to the network, what device they were using, where they were connecting from, and what level of access they should receive.
The solution also helped the company scale its security approach across multiple locations while simplifying management through centralized visibility and policy control.
Key Advantages
Secure BYOD Enablement
The company could now support BYOD for employees, guests, and authorized contractors in a more secure way. Employees could access internal resources through proper authentication, while guests were restricted to internet-only access.
This allowed the business to gain the productivity and flexibility benefits of BYOD while reducing exposure to internal systems.
Identity-Based Network Access
Cisco ISE allowed the company’s IT staff to track and trace user identities across the network. Users connecting to WiFi with credentials could be authenticated and assigned the correct level of access.
Employees using 802.1X authentication could securely access internal resources, while guests and contractors were placed into restricted access groups.
Device Profiling
Cisco ISE also enabled profiling for devices that did not support 802.1X authentication, such as printers and scanners. These devices could be identified and authorized through Media Access Control address bypass, also known as MAB.
This helped the company manage agentless devices without weakening the overall security model.
Improved Wired and Wireless Visibility
The Cisco ISE management console gave the IT team visibility into both wired and wireless devices. Network administrators could see who logged in, where they connected from, what type of device they used, which operating system was running, and other important endpoint details.
This visibility made it easier to detect suspicious activity, assess endpoint risk, and manage access across the environment.
Stronger Endpoint Compliance
The solution supported endpoint compliance by helping the company identify and manage devices connecting to the network. Cisco ISE provided a framework for policy-based access and helped the organization reduce the risks associated with unmanaged or noncompliant endpoints.
Scalable Multi-Location Security
Because the company operated across multiple warehouses and corporate offices, scalability was essential. Cisco ISE gave the organization a centralized and expandable security model that could support its growing operational footprint.
Key Outcomes
Assessed the company’s existing Cisco wireless infrastructure
Designed and deployed Cisco ISE with two nodes for high availability
Implemented monitoring, tuning, and enforcement phases
Created segmented access for employees, guests, devices, and contractors
Improved BYOD security across wired and wireless networks
Enabled endpoint profiling for printers, scanners, and agentless devices
Strengthened network visibility and access control across multiple locations
Supported scalable security management for corporate offices and warehouses

Network Security
Strengthening BYOD Security and Network Visibility with Cisco ISE
Client
Manufacturing Industry
Industry
Manufacturing
Year
Duration
3 Weeks
(01)
Project overview.
A furniture manufacturing corporation needed a secure and scalable way to support Bring Your Own Device access for employees, guests, and authorized contractors across multiple locations. The company wanted to improve endpoint compliance, strengthen wired and wireless security, and gain better visibility into network activity.
PM2 NET assessed the company’s existing Cisco wireless infrastructure and designed a Cisco Identity Services Engine solution to improve access control, endpoint profiling, segmentation, policy enforcement, and network visibility. By deploying Cisco ISE with high availability and policy-based access controls, PM2 NET helped the company support BYOD flexibility while protecting internal resources.
Client Background
The client is a furniture manufacturing corporation founded in 1996 and based in Cypress, California. The company designs, manufactures, and distributes seating solutions for business, healthcare, government, and education markets.
The organization serves customers through commercial furniture dealers and operates across six locations, including warehouses and corporate offices in Cypress, Tech Center, Olympus, Buena Park, Mexico, and La Mirada.
As the company expanded across multiple locations, secure and centralized network access became increasingly important for employees, guests, contractors, and connected devices.

(02)
Challenge.
Bring Your Own Device Access
The company wanted employees to use personal devices to work more flexibly from different locations. It also wanted guests and authorized contractors to connect to the network using their own devices.
While BYOD could improve productivity, collaboration, and user satisfaction, it also introduced security risks. Personal laptops, phones, and tablets are more difficult to manage than corporate-owned devices and may expose the enterprise network to unauthorized access, malware, viruses, or data compromise.
The company needed a solution that would allow BYOD access without putting valuable business systems and internal resources at risk.
Endpoint Compliance
Endpoint threats were a major concern. Personal devices and unmanaged systems could contain outdated software, missing patches, malware, or other vulnerabilities.
The organization needed a security platform that could help validate endpoints, enforce policies, and adapt as threats evolved. The goal was to ensure that only trusted and properly authorized devices could access appropriate network resources.
Visibility Across Wired and Wireless Networks
The company also needed stronger visibility across its wired and wireless environments. With multiple corporate offices, warehouses, and operational sites, it was difficult to detect, monitor, and manage potential threats consistently.
The client needed a centralized management solution that could identify users and devices, enforce access policies, monitor authentication activity, and support security decisions across multiple locations.
(03)
Result.
PM2 NET began by assessing the company’s existing network infrastructure, including its Cisco wireless LAN controllers. The client’s main goals were to improve security, increase control, and deploy a solution that could scale across its locations.
PM2 NET recommended Cisco Identity Services Engine, commonly known as Cisco ISE, as the foundation for the company’s secure access strategy.
Design and Discovery
PM2 NET conducted a design session to understand the company’s existing infrastructure, network systems, access requirements, and security goals. The engineering team reviewed how Cisco ISE could be integrated into the current environment without disrupting business operations.
After completing a walkthrough of the environment, PM2 NET proposed deploying two Cisco ISE nodes for high availability. This design helped ensure continued operation if one node failed.
The proposed Cisco ISE deployment incorporated three key personas:
Administration
Monitoring
Policy
This structure provided centralized control, visibility, and policy enforcement for both wired and wireless access.
Monitoring Mode and Traffic Analysis
PM2 NET first deployed Cisco ISE in monitoring mode. This allowed the team to observe incoming network traffic and better understand user behavior, device types, authentication patterns, and access requirements.
This monitoring phase was critical because it gave PM2 NET and the client’s IT team the information needed to tune policies before enforcement. By analyzing the traffic, PM2 NET could determine which devices belonged to employees, guests, contractors, printers, scanners, and other endpoint categories.
Network Segmentation and Policy Tuning
After gaining visibility into the environment, PM2 NET moved into a tuning period. During this phase, the team prepared the environment for segmentation and policy enforcement.
One of the key recommendations was to separate network access based on user and device type. For example, guest users would be placed on a guest VLAN with internet-only access and no access to enterprise databases or internal systems.
This segmentation helped reduce risk by ensuring that users and devices only received the level of access required for their role.
Enforcement Mode
Once the policies were tuned, PM2 NET configured Cisco ISE in enforcement mode. This allowed the company to actively enforce network access policies, including guest credentials, guest SSID access, device classification, and user-based authorization.
PM2 NET configured four SSIDs to support different access requirements:
Corporate users: Full network access to internal resources
Guests: Internet access only, with no internal resource access
Devices: Access for agentless devices such as scanners and printers that do not support 802.1X
Contractors: Internet access and limited access to approved internal resources, such as printers and scanners
This model allowed the company to support multiple access scenarios without exposing sensitive internal systems to unnecessary risk.
Wired Device Security
PM2 NET also addressed wired network security. The company needed protection not only for wireless users but also for individuals or devices connecting through switches.
Cisco ISE supported this requirement through TACACS+, helping manage authentication, authorization, and accounting for wired network devices. This gave the IT team greater control over administrative access and improved accountability across the wired infrastructure.
The Result
PM2 NET helped the company deploy a robust network access control solution that improved endpoint security, user visibility, network segmentation, and BYOD control.
With Cisco ISE, the company gained the ability to identify who was connecting to the network, what device they were using, where they were connecting from, and what level of access they should receive.
The solution also helped the company scale its security approach across multiple locations while simplifying management through centralized visibility and policy control.
Key Advantages
Secure BYOD Enablement
The company could now support BYOD for employees, guests, and authorized contractors in a more secure way. Employees could access internal resources through proper authentication, while guests were restricted to internet-only access.
This allowed the business to gain the productivity and flexibility benefits of BYOD while reducing exposure to internal systems.
Identity-Based Network Access
Cisco ISE allowed the company’s IT staff to track and trace user identities across the network. Users connecting to WiFi with credentials could be authenticated and assigned the correct level of access.
Employees using 802.1X authentication could securely access internal resources, while guests and contractors were placed into restricted access groups.
Device Profiling
Cisco ISE also enabled profiling for devices that did not support 802.1X authentication, such as printers and scanners. These devices could be identified and authorized through Media Access Control address bypass, also known as MAB.
This helped the company manage agentless devices without weakening the overall security model.
Improved Wired and Wireless Visibility
The Cisco ISE management console gave the IT team visibility into both wired and wireless devices. Network administrators could see who logged in, where they connected from, what type of device they used, which operating system was running, and other important endpoint details.
This visibility made it easier to detect suspicious activity, assess endpoint risk, and manage access across the environment.
Stronger Endpoint Compliance
The solution supported endpoint compliance by helping the company identify and manage devices connecting to the network. Cisco ISE provided a framework for policy-based access and helped the organization reduce the risks associated with unmanaged or noncompliant endpoints.
Scalable Multi-Location Security
Because the company operated across multiple warehouses and corporate offices, scalability was essential. Cisco ISE gave the organization a centralized and expandable security model that could support its growing operational footprint.
Key Outcomes
Assessed the company’s existing Cisco wireless infrastructure
Designed and deployed Cisco ISE with two nodes for high availability
Implemented monitoring, tuning, and enforcement phases
Created segmented access for employees, guests, devices, and contractors
Improved BYOD security across wired and wireless networks
Enabled endpoint profiling for printers, scanners, and agentless devices
Strengthened network visibility and access control across multiple locations
Supported scalable security management for corporate offices and warehouses
(04 Projects)
More projects.
Hungry for more? Here's some more case studies from PM2NET talented engineering team

Network Security
Improving Hospital Wireless Coverage and RTLS Readiness Across Seven Facilities

IT Infrastructure
Enhancing School District Wireless Infrastructure with Aruba Access Points

Live Streaming
Migrating a School District Phone System from Cisco UC VoIP to Microsoft Zoom

IT Infrastructure
Upgrading Education Network Infrastructure with Aruba Switching and Wireless APs
(04 Projects)
More projects.
Hungry for more? Here's some more articles you might enjoy, authored by our talented team.

Network Security
Strengthening BYOD Security and Network Visibility with Cisco ISE

Network Security
Improving Hospital Wireless Coverage and RTLS Readiness Across Seven Facilities

IT Infrastructure
Enhancing School District Wireless Infrastructure with Aruba Access Points

Live Streaming
