
UncleJP
Beginner

PSK Authentication, ISE, and AAA RADIUS

Studying for ENCOR, I came across this question, which confused me:

 

3. When PSK authentication is used on a WLAN, without the use of an ISE server, which of the following devices must be configured with the key string? (Choose two.)
a. One wireless client (each with a unique key string)
b. All wireless clients
c. All APs and WLCs
d. A RADIUS server

 

Answer: B,C

 

I understand that all wireless clients, APs, and WLCs need PSKs. Why wouldn't a RADIUS server need the PSKs, if used?  Any input is appreciated.

Accepted Solutions
Colby LeMaire
VIP Collaborator

The question specifically states that ISE is not being used. So this would be a normal PSK SSID and no RADIUS server required.

PSK is traditionally set on the WLC/AP and does not need to be set on the RADIUS server. But now there is the iPSK feature (Individual PSK) which allows each user to have their own PSK. In that case, you need to have a RADIUS server and the RADIUS server returns the PSK for the device. The WLC/AP validates that the PSK from RADIUS matches what the user entered and allows access. iPSK is not widely used today just yet.
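
An added example, not part of the original posts: a Python model of which device holds the key string in a shared-PSK WLAN versus an iPSK WLAN, going one step further than the answer by showing the check as the WPA2 4-way-handshake MIC comparison. The SSID, MAC addresses, key strings and the `RADIUS_IPSK` dictionary (a stand-in for the RADIUS server's per-device reply) are constructed assumptions, and the EAPOL frame is a placeholder byte string.

```python
import hashlib, hmac, os

SSID = "corp-wlan"                       # constructed sample SSID
SHARED_PSK = "one-key-for-everyone"      # classic PSK: set on WLC/APs and on all clients
RADIUS_IPSK = {                          # iPSK: per-device keys live on the RADIUS server
    "aa:bb:cc:00:00:01": "printer-key-7421",
    "aa:bb:cc:00:00:02": "camera-key-9930",
}
AP_MAC = bytes.fromhex("02aabbccdd01")   # constructed authenticator address

def pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def kck(pmk_: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # First 16 bytes of the PTK: 802.11 PRF (HMAC-SHA1) over label, both MACs, both nonces
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    block = hmac.new(pmk_, b"Pairwise key expansion\x00" + data + b"\x00", hashlib.sha1)
    return block.digest()[:16]

def mic(kck_: bytes, frame: bytes) -> bytes:
    # MIC over the EAPOL-Key frame (HMAC-SHA1 truncated to 16 bytes)
    return hmac.new(kck_, frame, hashlib.sha1).digest()[:16]

def wlc_key_for(client_mac: str, use_ipsk: bool):
    # Shared PSK: the WLC uses its locally configured key for every client.
    # iPSK: the WLC uses whatever key RADIUS returns for this MAC (None = no key returned).
    return RADIUS_IPSK.get(client_mac) if use_ipsk else SHARED_PSK

def handshake_ok(client_mac: str, entered: str, use_ipsk: bool) -> bool:
    expected = wlc_key_for(client_mac, use_ipsk)
    if expected is None:
        return False
    spa = bytes.fromhex(client_mac.replace(":", ""))
    anonce, snonce = os.urandom(32), os.urandom(32)
    frame = b"constructed EAPOL-Key msg 2, MIC field zeroed" + snonce
    # The client never sends the key string; it proves knowledge of it through the MIC.
    client_mic = mic(kck(pmk(entered, SSID), AP_MAC, spa, anonce, snonce), frame)
    wlc_mic = mic(kck(pmk(expected, SSID), AP_MAC, spa, anonce, snonce), frame)
    return hmac.compare_digest(client_mic, wlc_mic)
```

With `use_ipsk=False` any client that knows the one shared key string passes; with `use_ipsk=True` a key string only works for the MAC address it was issued to.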


Thank you! I believe my confusion was that I didn't know that RADIUS was ISE. I appreciate your help.