Differences

This shows you the differences between two versions of the page.

technical:ppsk-overview [2024/04/18 07:50] – [History] systemtechnical:ppsk-overview [2024/04/27 06:16] (current) system
Line 1: Line 1:
 +<nav type="pills" justified="false">
 +  * [[:user_manuals|Back to Documentation]]
 +  * [[:technical:ppsk-overview|PPSK Overview]]
 +</nav>
 +
 +-----
 ====== Private PSK (PPSK) Overview ====== ====== Private PSK (PPSK) Overview ======
 ===== Introduction ===== ===== Introduction =====
Line 5: Line 11:
   * This is in contrast to a door where everyone has the same key to unlock it and gain access to a building.   * This is in contrast to a door where everyone has the same key to unlock it and gain access to a building.
   * The advantage of using different keys is the ease of management.   * The advantage of using different keys is the ease of management.
-  * If you have a small office setup where an employee perhaps leave the company on a bad foot  and you want to make sure they do not get access to the WiFi network. +  * Suppose you have a small office setup where an employee leave the company on a bad foot  and you want to make sure they do not get access to the WiFi network. 
-  * Without the support of Pre Shared Key you need to:+  * Without the support of PPSK you need to:
     * Change the shared key on the access point(s).     * Change the shared key on the access point(s).
     * Inform all employees that the WiFi key has changed and hopefully they will be smart enough to update any devices that are configured to connect to the office WiFi network.     * Inform all employees that the WiFi key has changed and hopefully they will be smart enough to update any devices that are configured to connect to the office WiFi network.
     * Another place where you need to update the WiFi key is any peripherals that are connected to the network, including printers, scanners and cameras.     * Another place where you need to update the WiFi key is any peripherals that are connected to the network, including printers, scanners and cameras.
-  * With pre-shared key support, you simply revoke the PPSK of employees.+  * With PPSK support, you simply revoke the PPSK of employees. 
 +  * Also using one SSID with multiple keys improves bandwidth utilisation and provides a simplified user experience. 
 + 
 +------
  
 ===== History ===== ===== History =====
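Review bot: In the rewritten "Suppose you have a small office setup" bullet, "an employee leave" should be "an employee leaves", there is a stray double space before "and", and "on a bad foot" would read better as "on bad terms". In the "With PPSK support" bullet, "revoke the PPSK of employees" reads as if every key is revoked; the passage argues that only the departing person's key has to change, so "revoke that employee's PPSK" says what is meant. The added bullet on one SSID with multiple keys claims improved bandwidth utilisation without giving a reason; a clause explaining why would let the reader check the claim.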
Line 25: Line 34:
      * Ruckus calls it **Dynamic PSK**.      * Ruckus calls it **Dynamic PSK**.
   * Some of the names and technologies are trademarked and protected.   * Some of the names and technologies are trademarked and protected.
-  * Under the hood, however, most providers that have recently added the PPSK function use the hostapd programme.+  * Under the hood, however, most providers that have recently added the PPSK function use the **hostapd** programme.
   * **hostapd** is an open source authenticator for WiFi APs.   * **hostapd** is an open source authenticator for WiFi APs.
   * This feature offers two main functions.   * This feature offers two main functions.
Line 31: Line 40:
       * The ability for each device to be assigned to a predefined VLAN after authentication.        * The ability for each device to be assigned to a predefined VLAN after authentication. 
  
-===== Advantages  ===== +-----------
-Your next question might be //"OK, so why would I want to use this feature?"// or even //"Where do you use this feature?"// +
- +
-  * The Private PSK allows you to use secure, device-bound credentials. +
-  * This allows clients to securely authenticate and join the network using a **specific device and PSK combination**. +
-  * This enhances security and deployment flexibility for headless IoT devices. +
-  * Optional dynamic VLAN assignment further enhances the security and manageability.    +
-  * RADIUSdesk is used to centrally manage device and PSK matching. +
-  * A PSK on the device owner's profile is the most generic solution. +
-  * A more granular option will be a PSK on the device owner. +
-  * Finally there is an option for a PSK on the device itself. +
-  * Other features included with RADIUSdesk are available also to use: +
-        * Future date activation. +
-        * Expiry date. +
-        * Time slots when the network can be used by the device.  +
-  * One SSID can support all these features. +
-  * Using one SSID improves bandwidth utilization and provides a simplified user experience. +
-  * The easy to use on-boarding Captive Portal minimize support calls. +
- +
- +
-===== Implementation ===== +
- +
-  * We will split this into two categories. One for small deployments and another for large deployments. +
- +
-==== Small deployments ==== +
-{{:technical:psk:privatepsk.png?nolink|}} +
-  * In a small deployment you need a minimum of one Access Point. +
-  * Private PSK is also supported in the mesh networks managed by MESHdesk. +
-  * You don't need any VLAN aware equipment, the VLAN assignment will be internal. +
-  * You will typically have: +
-        * A Single SSID that is configured for Private PSK security. +
-        * The On-boarding Captive Portal. +
-        * A LAN bridge +
-        * Zero or more NAT+DHCP networks +
-        * Zero or more OpenVPN bridges. +
-  * Includes small offices or home deployments  +
- +
-==== Large deployments  (MDU Multi-dwelling building, Apartments, Hotels. etc) ==== +
-{{:technical:psk:privatepsk_large.png?nolink|}} +
-  * With large deployments you can potentially have thousands of Access Points all centrally managed using MESHdesk and APdesk. +
-  * These deployments will include working together with other components to provide an integrated solution. +
-  * You will typically have +
-        * A common SSID that is configured for Private PSK security on all the Access Points. +
-        * External / Central on-boarding Captive Portal. +
-        * Multiple VLAN enabled switches. +
-        * A firewall that hosts multiple networks, each of which is linked to a different VLAN. +
-  * Includes Multiple Dwelling Units (MDU), Schools, hotels and conference facilities and WiFi networks with IOT devices. +
- +
-<WRAP center round info 100%> +
-  * You might have noticed that the Access Points in the picture are the Aruba AP105. +
-  * RADIUSdesk provides a solution for networking and does not sell hardware. +
-  * The Aruba AP105 along with many other older and current hardware are supported by OpenWrt and can thus be used in your deployment. +
-  * No vendor lock-in :-+
-</WRAP> +
  
 ===== Why not 802.1x? ===== ===== Why not 802.1x? =====
-  * WPA2 Enterprise are definitely more secure but there are two issues which usually turn people off from implementing it. +  * WPA2 Enterprise is definitely more securebut there are two problems that prevent most people from implementing it. 
-  * Certificate management. The Certificate Authority (CA)'certificate needs to be installed on the client connecting.   +  * The certificate management. The Certificate Authority (CA) certificate must be installed on the client that is connecting.   
-  * Not all WiFi devices support it.+  * Not all WiFi devices support this.
         * Many IOT devices do not support WPA2-Enterprise         * Many IOT devices do not support WPA2-Enterprise
         * Many printers and WiFi cameras do not support WPA2-Enterprise.         * Many printers and WiFi cameras do not support WPA2-Enterprise.
-  * RADIUSdesk along with MESHdesk and APdesk however also offer WPA2 Enterprise support should you wish to rather implement it instead of Private PSK. 
- 
- 
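Review bot: Removing everything from "===== Advantages =====" through the WRAP info box drops the only description of the PSK scoping options (owner's profile, device owner, device), the activation date, expiry date and time-slot controls, and the optional dynamic VLAN assignment, and nothing in the new text links to where that material now lives. If it moved to another page, put a link where the sections were; otherwise keep at least the bullets on device-bound credentials and VLAN assignment, since they are what an operator needs when deciding how to issue and revoke keys. The same applies to the removed last bullet under "Why not 802.1x?", which was the only statement that WPA2 Enterprise is also supported. In the rewritten bullets, "The certificate management." is a sentence fragment, and "more securebut" should be checked for its comma and space. The "-----------" separator also differs in length from the "-----" and "------" rules added earlier in this revision.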
  • technical/ppsk-overview.1713419421.txt.gz
  • Last modified: 2024/04/18 07:50
  • by system