cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
164
Views
0
Helpful
2
Replies
Beginner

Identity Pre-Shared Key (IPSK) and Mobility Anchor

Hi All

 

Hopefully an easy one...  Is IPSK supported with mobility anchor?  I can't find anything to say it is though I also can't find anything to say it isn't...

 

As the RADIUS request is coming from the foreign controller I can't see why it wouldn't be.

I'm currently having an issue with a test deployment of this and wanted to check it is actually supported in this scenario first.

 

Many thanks in advance

1 ACCEPTED SOLUTION

Accepted Solutions
Beginner

Re: Identity Pre-Shared Key (IPSK) and Mobility Anchor

Hi Scott
Many thanks for your reply. I have managed to get the iPSK working with mobility anchor. An initial schoolboy error from me in that I was pointed the RADIUS traffic at the wrong ISE box...

After rectifying that I was still facing issues, my SSID wasn't anchoring, despite the tunnel being up and testing it successfully without the MAC filtering, checking all settings matched etc... after thinking it just wasn't going to work I bounced the tunnel and it sprang into life. My iPSK SSID is now working and I'm also dynamically assigning the VLAN which is also working, which is also good news as it means I don't have to re-think my design...
In an anchor setup the L2 auth is coming from the foreign controller. Next step is introducing an N+1 anchor....
Thanks again
Mark
2 REPLIES 2
Highlighted
Hall of Fame Master

Re: Identity Pre-Shared Key (IPSK) and Mobility Anchor

When I tested this a while back, I had an N+1 setup and SSO setup which worked fine. I don’t believe that this is meant for anchoring an SSID to another WLC. If you test the first method I mentioned and it works, your setup if fine, but when you anchor the SSID and it breaks, then I don’t believe that is supported. Anchoring to another wlc always requires the wlan to be configured the same, also with anchoring, the anchor wlc send the reply to radius not the foreign.
-Scott
*** Please rate helpful posts ***
Beginner

Re: Identity Pre-Shared Key (IPSK) and Mobility Anchor

Hi Scott
Many thanks for your reply. I have managed to get the iPSK working with mobility anchor. An initial schoolboy error from me in that I was pointed the RADIUS traffic at the wrong ISE box...

After rectifying that I was still facing issues, my SSID wasn't anchoring, despite the tunnel being up and testing it successfully without the MAC filtering, checking all settings matched etc... after thinking it just wasn't going to work I bounced the tunnel and it sprang into life. My iPSK SSID is now working and I'm also dynamically assigning the VLAN which is also working, which is also good news as it means I don't have to re-think my design...
In an anchor setup the L2 auth is coming from the foreign controller. Next step is introducing an N+1 anchor....
Thanks again
Mark
CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards