Personal Pre-Shared Key Feature in CBW Access Point

Available Languages

Download Options

PDF (379.8 KB)
View with Adobe Reader on a variety of devices
ePub (317.1 KB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (639.6 KB)
View on Kindle device or Kindle app on multiple devices

Updated:September 30, 2021

Document ID:1633017360398501

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

kmgmt3143-personal-psk-feature-cbw

Objective

This article will explain the personal pre-shared key (PSK) feature in Cisco Business Wireless (CBW) Access Point (AP) firmware version 10.6.1.0.

Applicable Devices | Software Version

Cisco Business Wireless 140AC Access Point | 10.6.1.0 (Download latest)
Cisco Business Wireless 145AC Access Point | 10.6.1.0 (Download latest)
Cisco Business Wireless 240AC Access Point | 10.6.1.0 (Download latest)

Introduction

If you have CBW gear in your network, you can now use the personal PSK feature in firmware version 10.6.1.0!

Personal PSK, also referred to as Individual PSK (iPSK), is a feature that allows an administrator to issue unique pre-shared keys to individual devices for the same Wi-Fi Protected Access II (WPA2) personal Wireless Local Area Network (WLAN). The unique PSK is tied to the MAC address of the device. This is not supported in WLANs where WPA3 policy is enabled.

This feature authenticates the client using a RADIUS Server. It is generally intended for use by IoT devices and company issued laptops and mobile devices.

Prerequisites
Configure CBW RADIUS Settings
Configure WLAN Settings
Next Steps

Prerequisites

Make sure you have upgraded the CBW AP firmware to 10.6.1.0. Click if you would like step-by-step instructions on doing a firmware update.
You will require a RADIUS server where the personal PSK and the MAC address of the device need to be configured.
This CBW feature is supported with three different RADIUS servers - FreeRADIUS, Microsoft’s NPS, and Cisco’s ISE. The configuration will vary depending on the RADIUS server used.

Configure CBW RADIUS Settings

To configure the RADIUS settings on the CBW AP, follow the steps.

Step 1

Step 2

Click the bi-directional arrow symbol to switch to expert view.

Switch to expert view by clicking the bi-directional arrow icon.

Step 3

Navigate to Management > Admin Accounts.

Step 4

Select the RADIUS tab.

Step 5

Click on Add RADIUS Authentication Server.

Step 6

Configure the following:

Server Index - Select 1 through 6
Network User - Enable the state. By default, this is Enabled
Management - Enable the state. By default, this is Enabled
State - Enable the state. By default, this is Enabled
CoA – Make sure charge of authority (CoA) is enabled.
Server IP Address - Enter the IPv4 address of the RADIUS server
Shared Secret - Enter the shared secret key
Port Number - Enter the port number being used for communicating with the RADIUS server.
Server Timeout - Enter the server timeout

Click Apply.

Configure WLAN Settings

Create a WLAN as a standard WPA2 Personal Secured WLAN.

The pre-shared key will not be used for the personal PSK devices. This would only be used for devices that are NOT authenticated on the RADIUS server. You would need to add the MAC addresses of ANY device that will be connecting to this WLAN to the allow-list of this device.