
iPSK For internal and external WLAN

craiglebutt
Level 4

We use iPSK for devices which don't belong to the company but require internet access, so this goes via a mobility anchor.

I'm just testing an internal version of the iPSK, but all traffic seems to be hitting the policy for the external setup.

The calling station is different, the end point group is correct, the policy allows access.

Question is, can you have 2 separate policy sets for iPSK, one for an internal wireless network and 1 for a mobility anchor?


Cheers


Greg Gibbs
Cisco Employee

If I understand correctly, you have two different SSIDs; one that is switched on an internal (Foreign) WLC and another that is tunneled to an external (Anchor) WLC. Both SSIDs are using PSK + RADIUS for authentication by the WLC and authorisation by ISE. Is that correct?

If the SSID names are unique, you can use the Called-Station-ID as a matching condition in your Policy sets to create differentiated AuthC/AuthZ policies. See the example in the "ISE Policies Based on SSID Configuration Examples" technote.

With current versions of ISE, you can use the 'Called-Station-ID ENDSWITH :SSIDname' matching condition without needing regex.
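
The sketch below is an added example, not part of the thread and not ISE's own logic: it models top-down, first-match policy-set selection on a `Called-Station-ID ENDSWITH :SSIDname` condition and flags a later policy set that an earlier, looser suffix makes unreachable. The SSID names, policy-set names and AP MAC addresses are constructed, and it assumes the WLC sends Called-Station-ID as `<AP MAC>:<SSID>`.

```python
# Added illustration: first-match policy-set selection on Called-Station-ID.
# All names and values are constructed for the example (assumptions).

# (policy set name, ENDSWITH suffix), evaluated top-down; first match wins.
POLICY_SETS = [
    ("iPSK-Internal", ":Corp-iPSK"),   # locally switched SSID
    ("iPSK-Anchor", ":Guest-iPSK"),    # SSID tunneled to the anchor WLC
]

# Same intent, but the first condition omits the ':' and the SSID prefix.
LOOSE_SETS = [
    ("iPSK-Anchor", "iPSK"),
    ("iPSK-Internal", ":Corp-iPSK"),
]


def select_policy_set(called_station_id, policy_sets=POLICY_SETS,
                      default="Default"):
    """Return the first policy set whose suffix matches the attribute."""
    for name, suffix in policy_sets:
        if called_station_id.endswith(suffix):
            return name
    return default


def shadowed_policy_sets(policy_sets):
    """Return (earlier, later) pairs where 'later' can never be reached.

    If the later suffix itself ends with the earlier suffix, every value
    that would match the later set already matched the earlier one.
    """
    pairs = []
    for i, (early_name, early_suffix) in enumerate(policy_sets):
        for late_name, late_suffix in policy_sets[i + 1:]:
            if late_suffix.endswith(early_suffix):
                pairs.append((early_name, late_name))
    return pairs


if __name__ == "__main__":
    for csid in ("00-11-22-33-44-55:Corp-iPSK",
                 "00-11-22-33-44-66:Guest-iPSK"):
        print(csid, "->", select_policy_set(csid),
              "| loose:", select_policy_set(csid, LOOSE_SETS))
    print("shadowed:", shadowed_policy_sets(LOOSE_SETS))
```

Including the leading `:` and the full SSID name in each condition keeps the two policy sets mutually exclusive regardless of their order.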
