For devices without support for Dot1x we would like to have a dynamic PSK SSID. Meaning that based on PSK entered you get different authorization results. But it seems to me that maybe I misunderstood this, because still you need to relay on MAB and Identity Groups to match the condition on the authorization policy. That is because ISE does not know the password entered. It will simply send the WLC the expected password and then it’s up to it allowing or rejecting the client.
What I don’t understand is the real benefit of this. If you still relay on MAB why having multiple PSKs would be beneficial?
Also, is there any hidden tip to achieve different authorization results based on PSK? Not really sure how mPSK would play here neither.
No comments:
Post a Comment