Well, after quite a while (maybe a few years) of one of my colleagues annoying the Cisco Wireless BU, saying we need per-device PSK because we have quite a large IoT and Student Network with devices that don’t support WPA/WPA2 Enterprise, Cisco have finally delivered. With the release of the Cisco WLC 8.5 code came the release of Identity Preshared Key, or Per Device PSK if you like.
Whilst I have not had a chance to lab this up as yet, this has real potential, particularly in the areas of IoT and annoying devices that don’t support WPA/WPA2 Enterprise authentication.
Taking a look at how Cisco have implemented this feature, they are utilising WPA/WPA2 PSK with MAC address filtering and then using a AAA override to return the PSK for that particular device, and which VLAN/interface the device needs to go to once authentication has been successful.
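To make the MAC-filter-plus-AAA-override flow concrete, here is an added example (not from Cisco or from this post) that issues a random PSK per MAC address and renders RADIUS entries returning that PSK and a VLAN. The FreeRADIUS `users` layout, the `psk-mode`/`psk` Cisco-AVPair values, the MAC-as-username-and-password convention and the sample inventory are assumptions to verify against Cisco's 8.5 documentation and your WLC's MAC filtering settings.

```python
import re
import secrets
import string

# WPA/WPA2 ASCII passphrases must be 8 to 63 characters long.
PSK_ALPHABET = string.ascii_letters + string.digits

def normalise_mac(mac: str) -> str:
    """Return the MAC as 12 lowercase hex digits, or raise ValueError."""
    digits = re.sub(r"[-:.\s]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def new_psk(length: int = 24) -> str:
    """Generate a random per-device passphrase from a CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("passphrase length must be 8..63")
    return "".join(secrets.choice(PSK_ALPHABET) for _ in range(length))

def users_entry(mac: str, psk: str, vlan: int) -> str:
    """Render one entry: MAC as the lookup key, PSK and VLAN in the reply."""
    user = normalise_mac(mac)
    return (
        f'{user} Cleartext-Password := "{user}"\n'
        f'\tCisco-AVPair = "psk-mode=ascii",\n'
        f'\tCisco-AVPair += "psk={psk}",\n'
        f'\tTunnel-Type = VLAN,\n'
        f'\tTunnel-Medium-Type = IEEE-802,\n'
        f'\tTunnel-Private-Group-Id = "{vlan}"\n'
    )

def build_users_file(devices):
    """devices: iterable of (mac, vlan). Returns (users_text, {mac: psk})."""
    issued, entries = {}, []
    for mac, vlan in devices:
        user = normalise_mac(mac)
        if user in issued:  # same device listed twice in different notations
            raise ValueError(f"duplicate MAC: {mac}")
        issued[user] = new_psk()
        entries.append(users_entry(user, issued[user], vlan))
    return "\n".join(entries), issued

# Constructed sample inventory (MACs and VLAN ids are made up).
SAMPLE = [("00:11:22:AA:BB:CC", 20), ("0011.22aa.bbdd", 30)]

if __name__ == "__main__":
    print(build_users_file(SAMPLE)[0])
```

The MAC address is only the lookup key and can be copied by another device, so the per-device PSK is the actual secret; the generated file holds every PSK in clear text and needs to be protected accordingly.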
The questions I still have are:
- How will Cisco implement onboarding, as there is no way in hell I want to be adding potentially 1000s if not millions of MAC addresses manually to my RADIUS server?
- Will it actually work as advertised – without me needing to log a TAC case?
- Will there be any option to utilise the local RADIUS on the WLC to use this for smaller deployments?
- I’m sure I’ll come up with more as we get closer to running a POC or Lab of this.
Please feel free to check out the Demo video which was uploaded to YouTube by CiscoWLAN below:
Release notes for 8.5 are available here