Buy or Renew
Buy or Renew
ATTENTION: We are currently working an issue with posting. Thank you for your patience while we work on a resolution.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
579
Views
0
Helpful
2
Replies

iPSK not working

craiglebutt
Level 4
Level 4

‎10-09-2019 06:42 AM

Just testing iPSK, I've followed the official Cisco links and several other people who have set this up, but I must be missing something simple.

The WLC is running 8.5.140, ISE is 2.2 Patch 15

 

As you will see on the policy set picture I've tried to setup using End Point Groups and calling station id = mac address, with permit all and psk just to get the basic connect working.

 

2 Endpoint Groups IPSK-Phone630 , IPSK-Phone681, both have at least 1 mac address for testing.

All Auth Profiles Access

Type = ACCESS_ACCEPT

cisco-av-pair = psk=mode=asci

cisco-av-pair = psk=abc12345

 

Have attached the RADIUS failure.  The WLC is configured correctly, have tippled checked all configs but something not just there, just need a fresh set of eyes

 

cheers

 

 

policy set.JPG

Preview file
110 KB
0 Helpful
2 Replies 2

Colby LeMaire
VIP Alumni
VIP Alumni

‎10-09-2019 07:12 AM

In your authorization policy, you are looking for a calling-station-id of the MAC address with colons ":" and capital letters.  If you look at the failure details, the attribute for calling-station-id uses dashes "-" and lower-case letters.  That is why you aren't matching on an authorization rule and falling down to the default of deny access.

0 Helpful

craiglebutt
Level 4
Level 4
In response to Colby LeMaire

‎10-09-2019 07:27 AM

 

I see what you are saying, the ISE changes the "-" to ":", even when entering on adding devices to Endpoints and creating Policy's.

 

In the Radius Live Logs appears as ":"

 

cheers

0 Helpful
Customers Also Viewed These Support Documents