cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

356
Views
5
Helpful
2
Replies
Highlighted
Beginner

PSK Authentication, ISE, and AAA RADIUS

Studying for ENCOR, I came across this question, which confused me:

 

3. When PSK authentication is used on a WLAN, without the use of an ISE server, which of the following devices must
be configured with the key string? (Choose two.)
a. One wireless client (each with a unique key string)
b. All wireless clients
c. All APs and WLCs
d. A RADIUS server

 

Answer: B,C

 

I understand that all wireless clients, APs, and WLCs need PSKs. Why wouldn't a RADIUS server need the PSKs, if used?  Any input is appreciated.

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Rising star

Re: PSK Authentication, ISE, and AAA RADIUS

The question specifically states that ISE is not being used.  So this would be a normal PSK SSID and no Radius server required.

PSK is traditionally set on the WLC/AP and does not need to be set on the Radius server.  But now there is the iPSK feature (Individual PSK) which allows each user to have their own PSK.  In that case, you need to have a Radius server and the Radius server returns the PSK for the device.  The WLC/AP validates that the PSK from Radius matches what the user entered and allows access.  iPSK is not widely used today just yet.

View solution in original post

2 REPLIES 2
Highlighted
Rising star

Re: PSK Authentication, ISE, and AAA RADIUS

The question specifically states that ISE is not being used.  So this would be a normal PSK SSID and no Radius server required.

PSK is traditionally set on the WLC/AP and does not need to be set on the Radius server.  But now there is the iPSK feature (Individual PSK) which allows each user to have their own PSK.  In that case, you need to have a Radius server and the Radius server returns the PSK for the device.  The WLC/AP validates that the PSK from Radius matches what the user entered and allows access.  iPSK is not widely used today just yet.

View solution in original post

Highlighted
Beginner

Re: PSK Authentication, ISE, and AAA RADIUS

Thank you! I believe my confusion was that I didn't know that RADIUS was ISE. I appreciate your help.