We use Cloudpath, and ISE. For the non WPA2-Enterprise devices, or even some that are unusually painful to setup - we send them to Cloudpath to register the MAC address, then Cloudpath sends an API call with the MAC, user account, and a dynamically generated PSK to an interim Linux box which sends it to ISE. The interim Linux box is only there because Cloudpath originally did not accept API calls back from ISE (maybe it does now?) confirming the device had been registered, and because we found no direct way to generate iPSKs in ISE.
We then have the Cisco WLC configured for i-PSK against ISE for the non WPA2-Enterprise WLAN. There is also an i-PSK Manager out there that I intend to play with at some point: https://community.cisco.com/t5/security-documents/ipsk-identity-pre-shared-key-manager-portal-server-for-ise/ta-p/3904265 Good luck. Thanks, Curtis [https://kxiwq67737.i.lithium.com/t5/image/serverpage/image-id/47654iB50DFA4030D5D0F9?v=1.0]<https://community.cisco.com/t5/security-documents/ipsk-identity-pre-shared-key-manager-portal-server-for-ise/ta-p/3904265> iPSK (Identity Pre-Shared-Key) Manager ... - Cisco Community<https://community.cisco.com/t5/security-documents/ipsk-identity-pre-shared-key-manager-portal-server-for-ise/ta-p/3904265> Introduction PSK (Pre-Shared-Key) WLAN is widely used for consumer & enterprise IoT onboarding as most of IoT device doesn’t support 802.1X. While PSK WLAN provides easy way to onboard IoT, it also introduces challenge as it doesn’t provide security that many enterprise requires due to limitation o... community.cisco.com ________________________________ From: The EDUCAUSE Wireless Issues Community Group Listserv <[email protected]> on behalf of Klingaman, Ryan <[email protected]> Sent: Tuesday, May 26, 2020 4:15 PM To: [email protected] <[email protected]> Subject: [WIRELESS-LAN] securew2 and all the devices that don't support it. I have been a long time user of Ruckus and Cloudpath and have been looking into Aruba and Clearpass lately. I see from this list that there are a few colleges that use securew2 in place of something like Clearpass or Cloudpath. My question is for those that use it, what is your solution for the gaming consoles, media players, virtual assistants, etc.? Do you only support hardwired on those devices (if they support that option)? Do you have a custom solution tied into the API of the wireless Vendor? Do you use two solutions such as Clearpass and Securew2? Thanks, Ryan ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
