Cisco Support Community
zma
New Member

WPA-PSK not supported for ISE guest CWA?

I have a config with ISE hosting guest CWA for an open SSID with MAC filtering. 

Everything worked fine until I was told to configure a PSK before the guests were allowed to hit the CWA portal.

I tried to enable Layer 2 security WPA-PSK but got an error:

" WAP-PSK can be enabled only with Web-Auth when Radius NAC is enabled"

Has anyone done a MAC-filtering based ISE CWA with WPA-PSK? Is it not a supported configuration?

I am running ISE 1.2 and WLC5508 7.4.121.0

Thanks a lot.


Accepted Solutions
VIP Purple

Hi,

Please check the Wireless LAN Controller Layer 2 – Layer 3 Security Compatibility Matrix

http://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/106082-wlc-compatibility-matrix.html

You shouldn't be able to enable RADIUS NAC if you're configured for a PSK. If you want to do the CWA, you will use the mac-filtering option for L2 security and set security type to None. This will allow you to specify the RADIUS NAC option correctly.

So as per my knowledge: you cannot enable WPA-PSK, MAC filter with CWA. You should use MAC filter+NAC.

Regards

Don't forget to rate helpful posts

4 REPLIES
zma
New Member

Thank you Sandeep. 

Hall of Fame Super Silver

For anybody researching this feature - note that in 2016 WLC software 8.3 added the ability to use both PSK and RADIUS NAC.

Reference:

http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn83.html#31794

Yes, that's true, we cannot enable WPA-PSK, MAC filter with CWA. It can be done through the use of MAC filter+NAC.
