User registration in a PPSK environment
- RADIUSdesk enables the fast onboarding of new users in a PPSK enabled network.
- The onboarding process consists of the following steps
- The user connects to an SSID that has PPSK enabled with the shared key used for onboarding.
- The user is shown a landing page on the captive portal where they can register and select their own PPSK.
- The user disconnects and reconnects with their own PPSK to gain full Internet access.
- This page describes the most important points you need to consider in order to achieve a functioning setup.
Planning the VLANs
- With the PPSK solution in RADIUSdesk, you must specify the VLANs that you want to use.
- They are connected to a realm.
- On the screenshot below you can see that we have specified VLAN 5 and also VLAN 100-110.
- We will use VLAN 5 for the Captive Portal network.
The onboarding user
- We create an onboarding user with a PPSK that is easy to remember.
- This is given to users who want to register to connect to the WiFi network.
- The onboarding user is also assigned the VLAN that we use for the Captive Portal network (VLAN 5).
The Captive Portal
- We need to change the default captive portal created by the RADIUSdesk wizard.
- We will connect it to VLAN 5.
- To have VLAN 5 as a selectable option, we need to add it to the AP profile or mesh network.
- The VLANs that we define here are separate from the VLANs that are connected to the realm (RADIUS side)
- The VLANs we define here can be used internally in a mesh network or access point without the need for a VLAN-enabled switch.
- If you have a larger setup where the VLANs and their NAT/DHCP networks are provided by another vendor, you only need VLAN 5 for the Captive Portal
- The captive portal also connects to the SSID for which PPSK with RADIUS encryption is enabled.
- This is only a formality. The actual network to which a client is assigned is determined by RADIUS.
Enable user registration
- User registration is enabled under the settings of the login page used by the captive portal.
- We have an option called Require Private PSK (PPSK) which also needs to be enabled.
- Then there are three options for VLAN assignment during registration.
- No VLAN - No VLAN will be assigned to the newly created user.
- Preselect - Select one of the VLANs which are associated with the realm which you specified the new user should belong to. This is useful if you want to perform some checks after registration before assigning the final VLAN.
- Next Available - The system selects the next available VLAN from the pool of VLANs of the realm to which the new user is to belong. If the pool is exhausted, the registration fails with a corresponding message.
The landing page
- There are two options for the landing page.
- You can use the default Captive Portal login page which you have enabled user registration and checked Require Private PSK (PPSK).
- You can use the simplified Registration Only page (you still need to enable user registration)
- The URL for the default Captive Portal login page is as follows: https://cloud.radiusdesk.com/cake4/rd_cake/dynamic-details/chilli-browser-detect/ (Replace the FQDN with the FQDN of your RADIUSdesk server)
- The URL for the simplified register only page is as follows: https://cloud.radiusdesk.com/login/ppsk_register/index.html (Replace the FQDN with the FQDN of your RADIUSdesk server)
- For the simplified registration only page you must also append the ID of the login page, e.g. ?dynamic_id=37.
- To determine the ID of the login page simply click on the Preview button in the Login Page applet.
- This opens a preview of the standard login page with the dynamic_id in the query string.
- You can then use this value and update the settings of the captive portal.
- See screenshot below:
Highlights
- The following video summarises all the points we have covered on this page:
Highlight video of on-boarding process