WPA2 PSK validating identity
Some common examples include older barcode scanners, medical devices, and building control devices.
This is accomplished by hosting a certificate on the RADIUS server that has been validated by a trusted Certificate Authority (CA). Typically, this rule will exist directly underneath the rules for specific clients/PSKs. Assuming you are familiar with 802.1x SSIDs (with RADIUS), the configuration of the WLC is quite simple. If the PSKs match, the client will be allowed on the network (and any additional attributes sent by the RADIUS server, such as VLAN, QoS or ACL, will be implemented). It is important to note that the WLC does not send the PSK used by the client to the RADIUS server. If it does, the RADIUS server will respond with an ACCESS-ACCEPT, including the PSK as a Cisco-AVPair (in either ASCII or HEX, depending on how it is configured).
The ACCESS-ACCEPT doesn’t necessarily mean that the client will be allowed on the network.
While this technology is not new to the industry (some other Wi-Fi vendors have had different flavors of this available for quite a while), this is the first time we have been able to accomplish this on Cisco hardware.
Because it integrates with a RADIUS server, you can centralize the list of your clients/PSKs, instead of having to maintain lists of them on each WLC. In many environments, you will encounter clients that do not support 802.1x.
If using OS X, sometimes it can take up to 10 seconds for authentication to complete.
This can occur if the RADIUS certificate, or any certificate in the chain, is configured for CRL or OCSP.
If an attempt was made to use that PSK on another device, authentication would fail.