CSCwh18572 - Headless iPSK/mPSK

Marty Harrison · ‎03-16-2024

Why can't Cisco catch up and do this? It is such a simple concept. Aruba, Ruckus and even Ubiquiti can all do it. I don't mind running a Radius server but dot1x is not suitable for many environments. We have events where 5000 people turn up on first day of the event. Getting that many MAC addresses onboarded with iPSK is beyond pointless. We have done multiple PSK solutions with Ruckus and even Ubiquiti with great success and ease. It is really frustrating to have no option here with Cisco.

Philip D'Ath · ‎03-16-2024

This is fairly straight forward with Cisco Meraki. I would use one of the QR onboarding providers like Splash Access. Everything is 100% cloud based.

https://www.splashaccess.com/portfolio/secure-wpa-2-guest-wifi-dashboard-cisco-meraki/#:~:text=Simple%20QR%20Code%20Access,email%20with%20the%20login%20credentials

Marty Harrison · ‎03-17-2024

Hi. Thank you for your reply. I forgot to include Meraki in the list of alternatives. It is not much help when you are heavily invested in Catalyst. We have over ten controllers and 500+ APs. We use catalyst for many reasons that Meraki doesn't cover. If I was going to be re-investing at this stage, I would be looking at alternative suppliers.

Karsten Iwen · ‎03-17-2024

I never understood why this is not possible on Catalyst. The first time I wanted to use it (after having it running on a different Meraki network), I thought I was doing something wrong because I didn't find how to do it ...

Philip D'Ath · ‎04-23-2024

Splash Access has now released a cloud-based iPSK manager for Catalyst WLC.

https://www.linkedin.com/pulse/cisco-catalyst-ipsk-manager-udn-from-splashaccess-tim-ormrod-1k8ze/

Chico Lacta · ‎04-23-2024

I agree that other vendors have had this for a while and it is very easy to roll out. I don't understand why Cisco can't easily implement this? It would be a very helpful feature in our OT environment.

Phil-C · ‎04-23-2024

This would be an excellent feature. Would help us reduce our number of broadcasted SSIDs. Surprised this is not something that has been implemented. Hopefully it is soon.

DamienCheddar · ‎04-23-2024

I have used this feature with ease in the past with Ubiquiti. It is odd that they have a feature on the Meraki platform but haven't seemed to figure out how to implement this into their leading Catalyst platform.

LactAlex · ‎04-23-2024

Requiring a pre-built MAC table on the RADIUS server kills this concept for us. We need a BYOD solution that allows users to access different VLANs using different PSKs. Needing to manually add devices to a MAC list is severely limiting to the possible applications of this concept. We've standardized on Catalyst APs to have redundancy across all sites with APs able to migrate to a different 9800CL in the event of an outage. In the meantime, we will continue to clog airspace with multiple SSIDs to direct devices on to different VLANs. It would be much nicer to have a single SSID with multiple PSKs for our myriad VLANs. I've been assured by our chosen firewall vendor that this would be trivial to accomplish on their platform, and since the firewalls act as the controllers, redundancy would be easy as well. We would lose DNA and some deep features, but when the refresh comes around we will certainly have a Pros/Cons board for switching vendors.