Cisco Identity PSK

Well after quite a while (maybe a few years) from one of my colleagues annoying the Cisco Wireless BU, saying we need per device PSK, as we have quite a large IoT and Student Network with devices not supporting WPA/WPA2 Enterprise, Cisco have finally delivered. With the release of the Cisco WLC 8.5 code came the release of Identity Preshared Key, or Per Device PSK if you like.

Whilst I have not had a chance to lab this up as yet, this has real potential, particularly in the areas of IoT and annoying devices that don’t support WPA/WPA2 Enterprise authentication.

Taking a look at how Cisco have implemented this feature, they are utilising WPA/WPA2 PSK with mac address filtering and then using a AAA override to return the PSK for that particular device, and which VLAN/ interface the device needs to go once authentication has been successful.

The questions I still have are:

  • How will Cisco implement onboarding, as there is no way in hell I want to be adding potentially 1000’s if not millions of mac addresses manually to my radius server ?
  • Will it actually work as advertised – without me needing to log a TAC case?
  • Will there be any option to utilise the local radius on the WLC to use this for smaller deployments?
  • Im sure I’ll come up with more as we get closer to running a POC or Lab of this.

Please feel free to check out the Demo video which was uploaded to Youtube by CiscoWLAN below:

For release notes on 8.5 are available here


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s