View Categories

How Cisco iPSK Authentication Works

📚 How it Works #

Identity PSK (iPSK) combines the simplicity of Pre-Shared Keys with the security and flexibility of identity-based authentication.
Instead of using a single shared PSK for all devices on a WLAN, each device (or group of devices) is assigned its own unique PSK, managed centrally by EntryPoint.

The iPSK authentication flow works as follows:

  1. A device connects to the WLAN and submits its MAC address and entered PSK to the Wireless LAN Controller (WLC).

  2. The WLC sends a RADIUS authentication request to EntryPoint, including:

    • The device’s MAC address

    • The SSID (to select the correct Context)

  3. EntryPoint looks up the MAC address in its database:

    • If found, EntryPoint returns the associated group attributes, including the group’s assigned PSK.

    • If not found, and a Default PSK is configured, EntryPoint returns the default PSK.

  4. The WLC performs PSK parsing:

    • It compares the key entered by the client against the PSK returned by EntryPoint.

  5. If the keys match, the device is authenticated and allowed onto the network.

  6. The WLC then proceeds with DHCP to assign the device an IP address. (if configured to do so)

🔒 Client Isolation Using Cisco iPSK Tags #

Cisco iPSK also supports dynamic client isolation based on group assignment:

  • Devices that authenticate using the same iPSK (and thus are part of the same group) can be configured to communicate with each other.

  • Devices with different iPSKs (different groups) can be isolated from one another even though they are on the same SSID.

This is controlled through iPSK Tags on the WLC, which are dynamically mapped by the WLC.

Benefits of iPSK-based client isolation:

  • Enhanced security without needing to segment users across multiple SSIDs.

  • Simplified network design, as only a single WLAN needs to be broadcast.

  • Granular control over device communication at the group level.

Netgraph
Powered by  GDPR Cookie Compliance
Cookie Overview

What are cookies?

Cookies are small text files consisting of letters and numbers. These are sent from Netgraph Sverige AB or our partners' web servers and stored on your device (for example, computer or mobile). They can be stored in two different ways.

Session cookies are temporary cookies that disappear when you close your browser or app.
Persistent cookies are cookies that remain on your computer until you delete them or until they expire.

Different types of cookies

Both our website and others, such as Facebook or Google, may place cookies on your computer when you visit this website. Cookies from the website you are visiting are called first-party cookies and cookies from other websites are called third-party cookies.

Other files, similar to cookies, are web beacons and similar technologies. Web beacons are small transparent graphic images that may be contained in emails we send to you.

Why do we use cookies?

We use cookies to make your visit to our website as enjoyable as possible, and to improve it even more. However, we do not store IP numbers or similar personal data about you.

Functionality cookies improve your experience

We store cookies about the pages you have visited to make your experience on our website as smooth as possible. For example, we can prevent you from seeing a pop-up window more than once.

Analytics cookies help us to make our website better

We use cookies to collect aggregate analytical information about how you use the site, such as statistics on our most popular pages. With the information we get, we can improve our web and our offers.

Deleting cookies

Your browser or device usually allows you to set which cookies can be stored on your computer. For example, you can choose to block all cookies, only accept cookies from the website you are visiting or delete all cookies when you close your browser. Look under Settings.

Questions?

Do you have any questions about how we use cookies? You can always reach Netgraph Sverige AB's data protection officer at info@netgraph.se

This information was updated on August 26, 2024.