This is an old revision of the document!
Private PSK with data limits
Introduction
- RADIUSdesk includes Fair Usage Policy (FUP) profiles.
- These profiles can be tailor made into a very secure, powerful and flexible solution.
- In this example we will make use of these FUP profiles to:
- Allow a permanent user a daily data usage of 1GB.
- After this the system will move them to a VLAN with a captive portal that is throttled.
- See the following illustration for more clarity.
Private PSK with data limits
- In order to get a working setup we will split it in two parts
- The RADIUS related things that has to be done in RADIUSdesk.
- The MESHdesk related things that has to be done in MESHdesk.
- We assume you created a new cloud using the Setup Wizard. Our cloud is called PPSK Demo.
RADIUS Related
- The RADIUS related prep will consist of the following:
- Create a FUP profile that will cause the user to be moved the VLAN 105 (The VLAN we will run our Captive Portal on) after 1GB of data usage.
- Create a permanent user with a unique Private PSK and who will be assigned to the limited FUP profile.
- Add an entry for the SSID that the user will connect to to the PMKs Applet.
- Add the hostapd RADIUS client (this will be waiting under RADIUS Clients → New Arrivals)
Create FUP Profile
- Start by creating a new profile. This will be a Simple Profile which we will edit afterwards to change to a FUP Profile.
- Select the profile after it was created and on the edit drop-down button, select FUP Edit.
- The first screen you can leave the defaults since hostapd is not capable of limiting the connection speed of the user.
- Under the FUP components we will add a component that will reduce the speed when the daily usage exceeds 1GB of data.
- Again this speed reduction can not be implemented by hostapd, however we can optionally specify a VLAN which the user should be assinged to.
- This is where we specify VLAN 105 where the Captive Portal is running on.
- We are not blocking the user when the 1G data has been reached.
- The system will simply be kicking them off from the WiFi network and when their phone or laptop reconnects it will be part of a different VLAN.
- In our setup this VLAN will feature a Captive Portal.
Add new Permanent User
- RADIUSdesk allows a Permanent User to be assigned an optional PPSK and VLAN.
- In our setup, we will allow the user straight onto the LAN (Default VLAN).
- We will however assign a PPSK to her (11223344).
Add SSID to PMKs Applet
- We have dedicated applet that will create the PMK hashes for fast processing.
- This requires that we specify the SSID to which the user will connect to.
- We will add the SSID which the wizard created on the the sample mesh network. (PPSK Demo Wireless)
- To get to the PMKs Applet, go to. RADIUS → Realms and click on the button with the lock.
- Click on the Add button to add a new SSID
- Here you can see the PMKs that has been generated after you added the SSID.
- We keep the list of PMKs small and thus ensure a speedy lookup and match action by the following:
- Pre-calculating the PMKs based on the SSID.
- Assigning the RADIUS Client to a single Realm.
- The RADIUSdesk code then ensures each PPSK key is unique in the realm.