Cisco Identity PSK

Well, after quite a while (maybe a few years) of one of my colleagues annoying the Cisco Wireless BU, saying we need per-device PSK because we have quite a large IoT and student network with devices that do not support WPA/WPA2 Enterprise, Cisco have finally delivered. With the release of the Cisco WLC 8.5 code came Identity Preshared Key, or per-device PSK if you like.

Whilst I have not had a chance to lab this up as yet, this has real potential, particularly in the areas of IoT and annoying devices that don’t support WPA/WPA2 Enterprise authentication.

Looking at how Cisco have implemented this feature, they are using WPA/WPA2 PSK with MAC address filtering, and then a AAA override to return the PSK for that particular device, along with the VLAN/interface the device needs to go to once authentication has been successful.
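To make the AAA-override idea concrete, here is an added example (not from the original post or from Cisco) that takes a small device inventory, gives every MAC its own random PSK, and renders the RADIUS reply attributes for each device. It assumes a FreeRADIUS-style `users` file and a WLC that sends the MAC as both username and password. The `psk-mode` and `psk` AV pairs come from Cisco's iPSK documentation rather than this post, and the inventory is constructed sample data.

```python
import re
import secrets
import string

# Constructed sample inventory of (MAC, VLAN id); not from the original post.
INVENTORY = [
    ("AA:BB:CC:00:11:22", 30),
    ("aabb.cc00.1133", 30),
    ("AA-BB-CC-00-11-44", 40),
]
ALPHABET = string.ascii_letters + string.digits  # avoids quoting problems in the file

def normalise_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[:.\-]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def new_psk(length: int = 24) -> str:
    """Random WPA2 passphrase; the standard allows 8 to 63 ASCII characters."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrase must be 8-63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_entries(inventory):
    """Map each normalised MAC to its own PSK and VLAN, rejecting duplicates."""
    entries = {}
    for mac, vlan in inventory:
        key = normalise_mac(mac)
        if key in entries:
            raise ValueError(f"duplicate MAC: {mac!r}")
        entries[key] = {"psk": new_psk(), "vlan": vlan}
    return entries

def render_users(entries) -> str:
    """Render 'users' stanzas (assumed format: FreeRADIUS, MAC as user and password)."""
    out = []
    for mac, e in sorted(entries.items()):
        out.append(
            f'{mac} Cleartext-Password := "{mac}"\n'
            f'    Cisco-AVPair += "psk-mode=ascii",\n'
            f'    Cisco-AVPair += "psk={e["psk"]}",\n'
            f'    Tunnel-Type = VLAN,\n'
            f'    Tunnel-Medium-Type = IEEE-802,\n'
            f'    Tunnel-Private-Group-Id = "{e["vlan"]}"\n'
        )
    return "\n".join(out)
```

Calling `render_users(build_entries(INVENTORY))` returns the stanzas as text. The resulting file holds every device's PSK in cleartext, so it needs the same access restrictions as any other credential store.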

The questions I still have are:

  • How will Cisco implement onboarding, as there is no way in hell I want to be adding potentially 1000s if not millions of MAC addresses manually to my RADIUS server?
  • Will it actually work as advertised – without me needing to log a TAC case?
  • Will there be any option to utilise the local RADIUS on the WLC to use this for smaller deployments?
  • I’m sure I’ll come up with more as we get closer to running a POC or lab of this.

Please feel free to check out the demo video which was uploaded to YouTube by CiscoWLAN below:

Release notes for 8.5 are available here

3 thoughts on “Cisco Identity PSK”

  1. Adam Watson

    This is exactly my question. “How will Cisco implement onboarding, as there is no way in hell I want to be adding potentially 1000s if not millions of MAC addresses manually to my RADIUS server?”

    There has to be a way other than entering a 1000 auth rules for each mac-address.

  2. steve berglund

    If you guys haven’t found the answer already, or if someone else happens across this, you can use Endpoint ID groups to match policy instead of individual MACs.
