PPSK Authentication

Travis Garrison tgarrison at netviscom.com
Tue Sep 10 00:09:44 UTC 2024 

PPSK or Private Pre-Shared Key allows us to have a single SSID but each shared key can be assigned a different VLAN. The shared key is configured by setting the Tunnel-Password.

Each user can have independent passwords to access the network without knowing each and every device they own and based on the passwords, we can assign the correct VLAN.

Thank you
Travis Garrison
Chief Technology Officer
417-851-1700
www.netviscom.com





-----Original Message-----
From: Freeradius-Users <freeradius-users-bounces+tgarrison=netviscom.com at lists.freeradius.org> On Behalf Of Alan DeKok
Sent: Monday, September 9, 2024 4:08 PM
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Subject: Re: PPSK Authentication

On Sep 9, 2024, at 8:04 AM, Travis Garrison <tgarrison at netviscom.com> wrote:
> 
> I'm trying to figure out the best way to do this. We are using PPSK on TP-Link and are trying to figure out a work around for the 128 password limit for a single PPSK SSID. We have a password created that goes to specific VLANs and are trying to replicate it with a separate radius server.

  So you have one dynamic PSK which is tied to a specific VLAN?

> We do not want to use the typical radius authentication with PPSK since that requires us to know the MAC address of the devices beforehand. This will be a BYOD type setup.

  How are you going to assign devices to a VLAN if you don't know what the MAC is?  The only thing you can do is:

1) assign known MACs to known PSK / VLAN

2) assign everything else to one PSK / VLAN

> Using DEFAULT Auth-Type := Accept in the users file works fine to get around not knowing the mac addresses beforehand but the question is, how do we match against multiple Tunnel-Password fields?

  I don't know what that means.  Why are you *matching* multiple Tunnel-Password fields?

  Please describe what you want to do using plain English.  Don't describe a particular solution, and then ask why it doesn't work.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list