cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1265
Views
0
Helpful
5
Replies

Identity Pre-Shared Key (IPSK) and Mobility Anchor

R M C
Level 1
Level 1

Hi All

 

Hopefully an easy one...  Is IPSK supported with mobility anchor?  I can't find anything to say it is though I also can't find anything to say it isn't...

 

As the RADIUS request is coming from the foreign controller I can't see why it wouldn't be.

I'm currently having an issue with a test deployment of this and wanted to check it is actually supported in this scenario first.

 

Many thanks in advance

1 Accepted Solution

Accepted Solutions

Hi Scott
Many thanks for your reply. I have managed to get the iPSK working with mobility anchor. An initial schoolboy error from me in that I was pointed the RADIUS traffic at the wrong ISE box...

After rectifying that I was still facing issues, my SSID wasn't anchoring, despite the tunnel being up and testing it successfully without the MAC filtering, checking all settings matched etc... after thinking it just wasn't going to work I bounced the tunnel and it sprang into life. My iPSK SSID is now working and I'm also dynamically assigning the VLAN which is also working, which is also good news as it means I don't have to re-think my design...
In an anchor setup the L2 auth is coming from the foreign controller. Next step is introducing an N+1 anchor....
Thanks again
Mark

View solution in original post

5 Replies 5

Scott Fella
Hall of Fame
Hall of Fame
When I tested this a while back, I had an N+1 setup and SSO setup which worked fine. I don’t believe that this is meant for anchoring an SSID to another WLC. If you test the first method I mentioned and it works, your setup if fine, but when you anchor the SSID and it breaks, then I don’t believe that is supported. Anchoring to another wlc always requires the wlan to be configured the same, also with anchoring, the anchor wlc send the reply to radius not the foreign.
-Scott
*** Please rate helpful posts ***

Hi Scott
Many thanks for your reply. I have managed to get the iPSK working with mobility anchor. An initial schoolboy error from me in that I was pointed the RADIUS traffic at the wrong ISE box...

After rectifying that I was still facing issues, my SSID wasn't anchoring, despite the tunnel being up and testing it successfully without the MAC filtering, checking all settings matched etc... after thinking it just wasn't going to work I bounced the tunnel and it sprang into life. My iPSK SSID is now working and I'm also dynamically assigning the VLAN which is also working, which is also good news as it means I don't have to re-think my design...
In an anchor setup the L2 auth is coming from the foreign controller. Next step is introducing an N+1 anchor....
Thanks again
Mark

Hi


Wonder if you got any further with this?

Did you put it in to production?

I'm trying to use it on a DMZ, firewall rules seem to be correct, wlans match

 

cheers

Hi Craig

 

Apologies for the delay in replying, I missed your post.  Yes I was able to put this into production and have successfully deployed a number of group cases.  Were you able to get your deployment working?

Hi

 

Yeah got it working, issue was bad eyes put a "=" instead of a "-" in the ise policy

 

cheers

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: