On 1 Aug 2017, at 17:33, Ciesinski, Nick wrote:
While WLC 8.5 did add IPSK it is probably safe to say its rather worthless for most at this time. For those who have used ISE if you watch the video on how they make IPSK work it isn’t feasible to give each of your users their own PSK key to connect to wireless. The current implementation within ISE required no feature additions to ISE to make it work. All they do is have a rule to classify a device and/or user and then send a particular PSK value that it should be using. This is a 100% manual process for each device and/or user as nothing is baked into ISE to have a user register their account or device(s) and be presented a PSK to use.
IPSK *and* ISE might be "worthless" when combined, but IPSK in it self is not (even in it's current implementation). The limitations you're talking about is purely with ISE, and not IPSK.
We use ClearPass, and we can easily query an SQL-server with MAC<->PSK mappings, yielding unique PSKs based on MAC-adresses. This SQL DB could be fed via whatever systems that already exists (CMDB or whatnot), or you could spend an hour making a simple web-frontend.
The only thing holding us back upgrading to 8.5 "right away" (only to get IPSK) is the same concern Lee has; not touching it until MR3 or similar, purely for stability reasons (-:
-- Joachim ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.
