03-28-2018 02:52 PM
Is there a recommended ISE configuration for per-device Identity PSK at large scale?
I'm working on a wireless ISE design. It will entail numerous consumer and IoT devices in a university setting. The consumer and IoT devices are managed by individuals, not centrally. An individual might have multiple devices.
If a recommended configuration doesn't exist, I spot-tested the following configuration in my lab:
The university would have to create a custom device registration portal. The portal would generate one unique PSK for the student, and register the MAC address of the IoT device. The ISE ERS API could be used to bulk create/update the endpoints on ISE as a scheduled job.
Solved! Go to Solution.
03-28-2018 09:42 PM
ISE 2.2+ is supporting custom endpoint attributes in authorization profiles. What you have is pretty much the same as recommended.
Please note a know issue -- CSCvd40908
03-28-2018 09:42 PM
ISE 2.2+ is supporting custom endpoint attributes in authorization profiles. What you have is pretty much the same as recommended.
Please note a know issue -- CSCvd40908
03-29-2018 08:17 AM
Very nice, if you have anymore information on how you setup your controller, some screenshots and more detail to share that will help others!
03-29-2018 11:16 AM
I can certainly add screen shots of WLC and ISE.
Quick question... In My Devices Portal, is there a way to add custom fields to the portal, and link it to an endpoint custom attribute? Thanks!
03-29-2018 11:18 AM
There is not, please reach out thru sales channel to our PM that is covering this feature, his name is Ameet Kulkarni
03-30-2018 07:10 AM
Yes, that is the method we tested internally using custom attribute. I can share config used, but it is essentially what is shown above.
There is no option with current My Devices to populate custom attributes. We are well aware of the potential but cannot discuss roadmap in this forum. Customers/account team can reach out directly to account team to solicit additional details. It is certainly possible to customize custom attributes using ERS API, either directly or part of a custom portal to populate the required values per endpoint. We have other customers doing this already.
07-31-2018 11:39 PM
08-01-2018 01:58 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide