Posts

Showing posts from September, 2022

ClearPass MPSK per Device Type with Profiling

Multiple Pre-Shared Key (MPSK) helps solve for IoT and other endpoint device types that are not 802.1X capable.  The Aruba ClearPass default implementation of MPSK (the configuration created by the wizard) requires manually registering, enrolling, and managing an individual PSK per endpoint through the ClearPass Guest dashboard.  While that is the most secure approach, short of API-based automation it quickly becomes a nightmare to manage and support because of the sheer number of PSKs.  The approach described here instead delivers a unique PSK per device type (printer, thermostat, etc.), so each flavor of endpoint has its own PSK.  If one PSK were compromised, only the endpoints of that type would need to be manually re-configured.  PSK rotation is likewise limited to a specific device type, so rotation can take place slowly over several weeks rather than across every device on the SSID at once, as with a traditional single PSK; lessening the burden on IT staff and minimizing

Fix Cisco ISE Messaging Service

Cisco Identity Services Engine 2.6 introduced the ISE Messaging Service, an encrypted, lightweight protocol that replaces syslog for logging communication between the ISE nodes.  The ISE Messaging Service runs over TCP/8671.  In 2.6 Patch 2 and later, the Cisco ISE Messaging Service is enabled by default.  The overall implementation of the ISE Messaging Service has been buggy (though it has gotten much better in recent versions) in both new ISE builds and upgrades.  One solution is simply to disable the ISE Messaging Service within Administration > System > Logging, but then the inter-node logging traffic is not encrypted, and the legacy syslog delivery method is less efficient than the ISE Messaging Service, so the rest of this article focuses on how to identify and fix the ISE Messaging Service.

Problem Identification

Usually problems with the ISE Messaging Service show up as a blank Live Logs page.  You know authentication is working as you have devices/users
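A quick reachability and TLS-handshake probe for that port, as an added example that is not part of the original post and not a Cisco tool: it resolves each node name, connects to TCP/8671, completes a TLS handshake without certificate verification (so a bad messaging certificate gets reported instead of aborting the check), and records the negotiated TLS version and the SHA-256 fingerprint of the certificate each node presents. The node names, the 3-second timeout and the helper names are assumptions for illustration.

```python
"""Probe the Cisco ISE Messaging Service port (TCP/8671) on each ISE node.

Added example, not part of the original post and not a Cisco tool. Run it
from an admin host that can reach the ISE nodes. Node names are placeholders.
"""
import hashlib
import socket
import ssl
from dataclasses import dataclass

ISE_MESSAGING_PORT = 8671  # from the post: the ISE Messaging Service runs over TCP/8671


@dataclass
class ProbeResult:
    node: str
    port: int
    resolved: bool = False
    tcp_open: bool = False
    tls_ok: bool = False
    tls_version: str = ""
    cert_sha256: str = ""
    error: str = ""

    def ok(self) -> bool:
        """True only if name resolution, TCP connect and TLS handshake all succeeded."""
        return self.resolved and self.tcp_open and self.tls_ok


def probe_node(node: str, port: int = ISE_MESSAGING_PORT, timeout: float = 3.0) -> ProbeResult:
    """Resolve, connect and TLS-handshake with one node; records errors instead of raising."""
    r = ProbeResult(node=node, port=port)
    try:
        addr = socket.gethostbyname(node)
        r.resolved = True
    except socket.gaierror as e:
        r.error = f"dns: {e}"
        return r
    try:
        sock = socket.create_connection((addr, port), timeout=timeout)
        r.tcp_open = True
    except OSError as e:
        r.error = f"tcp: {e}"
        return r
    # Verification is disabled on purpose: the point is to see what certificate
    # the service presents (expired, unexpected issuer, ...) rather than fail
    # before we can report it. This is a diagnostic, not a trust decision.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(sock, server_hostname=node) as tls:
            r.tls_ok = True
            r.tls_version = tls.version() or ""
            # DER bytes are returned even under CERT_NONE (the parsed dict is not).
            der = tls.getpeercert(binary_form=True)
            if der:
                r.cert_sha256 = hashlib.sha256(der).hexdigest()
    except OSError as e:  # ssl.SSLError and socket.timeout are OSError subclasses
        r.error = f"tls: {e}"
    finally:
        sock.close()
    return r


def probe_all(nodes, port: int = ISE_MESSAGING_PORT, timeout: float = 3.0):
    """Probe every node in the deployment and return one ProbeResult per node."""
    return [probe_node(n, port, timeout) for n in nodes]


def summarize(results) -> str:
    """One line per node: OK with TLS version and fingerprint prefix, or FAIL with the error."""
    lines = []
    for r in results:
        status = "OK" if r.ok() else "FAIL"
        detail = f"{r.tls_version} sha256={r.cert_sha256[:16]}..." if r.ok() else r.error
        lines.append(f"{status:4} {r.node}:{r.port}  {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Placeholder FQDNs (assumed); replace with the PAN, MnT and PSN node names.
    NODES = ["ise-pan-01.example.com", "ise-mnt-01.example.com", "ise-psn-01.example.com"]
    print(summarize(probe_all(NODES)))
```

A green result only proves that the host running the script can reach TCP/8671 on each node; the messaging service carries logging between the ISE nodes themselves, so a blank Live Logs page with every probe passing points at filtering between the nodes (or at the service itself) rather than at the admin host. Comparing the fingerprints across nodes, and against the certificate the node shows in its admin certificate store, tells you quickly whether every node is presenting the certificate you expect.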

Recent Community Awards

I recently received three Cisco Community Spotlight awards for my efforts in the Cisco Network Access Control community.  The first was a collaboration I did with Brad Johnson on integrating Aruba Mobility Controllers with guest services hosted on Cisco ISE.  We received the Cisco Community Spotlight Award for English Community Best Publication, June 2022.  Be sure to check out all of the Spotlight Awards for June 2022 here. The second was the July 2022 award for English Community Member's Choice for having the highest number of helpful votes and interactions in the Cisco Community.  Be sure to check out the other July 2022 Cisco Community Spotlight award winners. The third was the August 2022 Spotlight award for getting the highest number of correct answers in the Cisco Community.  Be sure to check out the other August 2022 Cisco Community Spotlight award winners. Happy community engagement, -A
