Cisco Wireless with iPSK

The Cisco Wireless with iPSK service template allows you to authenticate devices using a Cisco identity Pre-Shared-Key (iPSK). This template supports Cisco architectures IOS-XE and Legacy.

To access the Cisco Wireless with iPSK service template:

1. Navigate to Configuration > Service Templates & Wizards.

2. From the Service Templates & Wizards page, select Cisco Wireless with iPSK. The following page opens:

Figure 1  Cisco Wireless with iPSK Template

General Tab

1. Specify the General tab service template parameters as described in the following table:

Table 1: General Tab Parameters

Parameter

Action/Description

General

Name Prefix

Enter a unique prefix that is appended to services using this template.

Use this to identify the services that use this template.

2. Click Next or select the Wireless Network Settings tab.

Wireless Network Settings

When you select the Wireless Network Settings tab, the following configuration dialog opens:

Figure 2  Wireless Network Settings Configuration Dialog

1. Specify the Wireless Network Settings tab service template parameters as described in the following table:

Table 2: Wireless Network Settings Parameters

Parameter

Action/Description

Wireless Network Settings
   

SSID Name

Specify one or more SSID names separated by commas.

Wireless Controller Name

Specify the name of a wireless controller.

NOTE: The controller must exist in the Policy Manager server's list of network devices (see Adding a Network Device).

Controller IP Address

The Controller IP Address is automatically populated when you select a wireless controller.

Vendor Name

The vendor name can be set to Cisco or Meraki.

RADIUS Shared Secret

The RADIUS Shared Secret is automatically populated when you select a wireless controller.

Enable RADIUS Dynamic Authorization

If RADIUS Dynamic Authorization has not been automatically enabled, click the check box to enable this option.

RADIUS Dynamic Authorization allows dynamic changes to a user session, as implemented by network access server products. This includes support for disconnecting users and changing authorizations applicable to a user session.

Dynamic Authorization Port

The access point's UDP port for Dynamic Authorization must be reachable from your RADIUS server.

The Dynamic Authorization Port is set by default to 3799. However, when configuring dynamic authorization (DA) for Cisco devices, the dynamic authorization port should be specified as 1700 instead of 3799.

Enable RadSec

Select this option to enable RadSec.

2. Click Next or select the Device Roles tab.
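
The Dynamic Authorization Port requirement above (UDP 1700 on Cisco devices, reachable from the RADIUS server) can be verified from a host the controller accepts as a dynamic authorization client. The following Python is an added example, not part of the ClearPass documentation: it builds an RFC 5176 Disconnect-Request for a constructed MAC address and validates the reply against the shared secret. The function names and the MAC are assumptions, and Message-Authenticator is omitted, which some controllers may require.

```python
import hashlib
import hmac
import socket
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42  # RFC 5176 codes
CALLING_STATION_ID = 31  # RADIUS attribute type carrying the client MAC


def build_disconnect_request(secret: bytes, identifier: int, mac: str) -> bytes:
    """Build a Disconnect-Request whose authenticator is keyed with the shared secret."""
    value = mac.encode()
    attrs = struct.pack("!BB", CALLING_STATION_ID, len(value) + 2) + value
    header = struct.pack("!BBH", DISCONNECT_REQUEST, identifier, 20 + len(attrs))
    # RFC 5176: MD5(code + id + length + 16 zero octets + attributes + secret)
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_response(request: bytes, response: bytes, secret: bytes) -> int:
    """Return the reply code if the reply is authentic for this request, else raise."""
    if len(response) < 20:
        raise ValueError("short RADIUS packet")
    code, identifier, length = struct.unpack("!BBH", response[:4])
    if length != len(response) or identifier != request[1]:
        raise ValueError("length or identifier mismatch")
    # Response Authenticator: MD5(code + id + length + request authenticator
    #                             + response attributes + secret)
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    if not hmac.compare_digest(expected, response[4:20]):
        raise ValueError("bad Response Authenticator (shared secret mismatch?)")
    if code not in (DISCONNECT_ACK, DISCONNECT_NAK):
        raise ValueError(f"unexpected RADIUS code {code}")
    return code


def probe(controller_ip: str, secret: bytes, port: int = 1700, timeout: float = 3.0):
    """Send one Disconnect-Request for a constructed MAC; return the reply code or None."""
    request = build_disconnect_request(secret, 1, "02-00-00-00-00-01")  # constructed MAC
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(request, (controller_ip, port))
        try:
            response, _ = sock.recvfrom(4096)
        except socket.timeout:
            return None  # port filtered, wrong port, or request silently discarded
    return verify_response(request, response, secret)
```

A Disconnect-NAK (42) for the unknown MAC still confirms that the port is reachable and the shared secret matches. A return value of `None` means no reply arrived, which also happens when the controller discards a request from an unlisted source address or with a mismatched secret.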

Device Roles

Define logical device roles (think tags) that allow for dynamic policy construction; for example, Media Player, Printer, Game Console, Building Controls, etc. You can enter up to ten device roles. When you select the Device Roles tab, the following configuration dialog opens:

Figure 3  Device Roles Configuration Dialog

1. Select one or more existing roles from the drop-down or type in a role name to create a new one.

2. Click Next or select the Enforcement Details tab.

Enforcement Details

The device roles selected in the Device Roles dialog are populated into the new Enforcement policy defined in the Enforcement Details configuration dialog. You can create a policy for Legacy or IOS-XE device types. The available enforcement policy settings for an IOS-XE device type are Device Role and Group Policy. If you are creating an enforcement policy for a Legacy device type, you can configure settings for Device Role, Group Policy, Interface Group, and ACL.

Figure 4  Enforcement Details Configuration Dialog for a Legacy device type

Figure 5  Enforcement Details Configuration Dialog for an IOS-XE device type

3. Click Add Service.

The Cisco Wireless with iPSK service is created, and ClearPass again displays the Services page, where the new service is now listed. If desired, you can select the service in the Configuration Services table to view details of the service configuration.

Figure 6  Services Summary for Cisco Wireless with iPSK service