Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
technical:ppsk-user-reg [2024/07/09 14:45] systemtechnical:ppsk-user-reg [2024/07/09 19:46] (current) system
Line 8: Line 8:
   * RADIUSdesk enables the fast onboarding of new users in a PPSK enabled network.   * RADIUSdesk enables the fast onboarding of new users in a PPSK enabled network.
   * The onboarding process consists of the following steps   * The onboarding process consists of the following steps
-       - The user connects to an SSID that has PPSK enabled, using the shared key used for onboarding. +       - The user connects to an SSID that has PPSK enabled with the shared key **used for onboarding**
-       - The user is shown a landing page on the captive portal where they can register and select their PPSK. +       - The user is shown a landing page on the captive portal where they can register and select their own PPSK. 
-       - The user disconnects and reconnects with their own PPSK to gain full internet access. +       - The user disconnects and reconnects with their own PPSK to gain full Internet access. 
-  * This page describes some of the options available to configure the network for onboarding functionality.+  * This page describes the most important points you need to consider in order to achieve a functioning setup.
  
 ----- -----
 ===== Planning the VLANs ===== ===== Planning the VLANs =====
-  * The PPSK solution in RADIUSdesk requires you to specify the VLANs you want to use.+  * With the PPSK solution in RADIUSdeskyou must specify the VLANs that you want to use.
   * They are connected to a realm.   * They are connected to a realm.
-  * In the screenshot below you can see that we have specified VLAN 5 and also VLAN 100-110.+  * On the screenshot below you can see that we have specified VLAN 5 and also VLAN 100-110.
   * We will use VLAN 5 for the Captive Portal network.   * We will use VLAN 5 for the Captive Portal network.
 +<panel type="primary">
 +{{:technical:ppsk:vlans.png?nolink|}}
 +</panel>
  
 +-----
 ===== The onboarding user ===== ===== The onboarding user =====
   * We create an onboarding user with a PPSK that is easy to remember.   * We create an onboarding user with a PPSK that is easy to remember.
-  * This will be shared to users who wants to register. +  * This is given to users who want to register to connect to the WiFi network
-  * The onboarding user is also assigned the VLAN we use for the Captive Portal network. +  * The onboarding user is also assigned the VLAN that we use for the Captive Portal network (VLAN 5)
-  +<panel type="primary"> 
 +{{:technical:ppsk:onboarding_user.png?nolink|}} 
 +</panel>
    
-  * For user registration, we use a captive portal with a landing page that enables user registration. 
-  * The captive portal setup requires a few key items to be in place to serve as a user on-boarding setup. 
-  * This includes the following: 
-        * A predetermined pre-shared key to connect with that will put the user in the network with the captive portal. 
-        * A captive portal that will serve a landing page to the user who wants to register. 
-        * A landing page that will allow the user to register. 
-  * We use a pre-defined pre-shared key (PSK) that dynamically moves the user into the network with the captive portal. 
-  * You can decide what role this captive portal should fulfil. 
-      *  You can use the captive portal in the traditional way, i.e. users can connect via the portal to gain internet access and have the option to register. The register dialog can include an option for the user to specify their own Private Preshared Key (PPSK). 
-      * Alternatively, you can simply use the Captive Portal as a place where the user can register. During this registration process they can then specify their Private Pre-shared Key (PPSK) which they will give them full Internet access when they use their own preshared key. 
-  * In both cases, we must first activate user registration in the RADIUSdesk login page applet. 
  
 ----- -----
 +===== The Captive Portal =====
 +  * We need to change the default captive portal created by the RADIUSdesk wizard.
 +  * We will connect it to VLAN 5.
 +  * To have VLAN 5 as a selectable option, we need to add it to the AP profile or mesh network.
 +<panel type="primary">
 +{{:technical:ppsk:ap_desk_vlan.png?nolink|}}
 +</panel>
  
-===== Highlights =====+<alert type="success" icon="glyphicon glyphicon-bullhorn"> 
 +  * The VLANs that we define here are separate from the VLANs that are connected to the realm (RADIUS side)  
 +  * The VLANs we define here can be used internally in a mesh network or access point without the need for a VLAN-enabled switch. 
 +  * If you have a larger setup where the VLANs and their NAT/DHCP networks are provided by another vendor, you only need VLAN 5 for the Captive Portal 
 +</alert> 
 + 
 +  * The captive portal also connects to the SSID for which PPSK with RADIUS encryption is enabled. 
 +  * This is only a formality. The actual network to which a client is assigned is determined by RADIUS. 
 +<panel type="primary"> 
 +{{:technical:ppsk:ppsk_captive1.png?nolink|}} 
 +</panel>  
 + 
 +------ 
 +===== Enable user registration ===== 
 +  * User registration is enabled under the settings of the login page used by the captive portal. 
 +  * We have an option called **Require Private PSK (PPSK)** which also needs to be enabled. 
 +  * Then there are three options for VLAN assignment during registration. 
 +     - **No VLAN** - No VLAN will be assigned to the newly created user. 
 +     - **Preselect** - Select one of the VLANs which are associated with the realm which you specified the new user should belong to. This is useful if you want to perform some checks after registration before assigning the final VLAN. 
 +     - **Next Available** - The system selects the next available VLAN from the pool of VLANs of the realm to which the new user is to belong. If the pool is exhausted, the registration fails with a corresponding message. 
 +<panel type="primary"> 
 +{{:technical:ppsk:user_registration.png?nolink|}} 
 +</panel> 
 + 
 +----- 
 +===== The landing page ===== 
 +  * There are two options for the landing page. 
 +    - You can use the default Captive Portal login page which you have enabled user registration and checked **Require Private PSK (PPSK)**. 
 +    - You can use the simplified Registration Only page (you still need to enable user registration) 
 +  * The URL for the default Captive Portal login page is as follows: https://cloud.radiusdesk.com/cake4/rd_cake/dynamic-details/chilli-browser-detect/ (Replace the FQDN with the FQDN of your RADIUSdesk server) 
 +  * The URL for the simplified register only page is as follows: https://cloud.radiusdesk.com/login/ppsk_register/index.html (Replace the FQDN with the FQDN of your RADIUSdesk server) 
 +  * For the simplified registration only page you must also append the ID of the login page, e.g. **?dynamic_id=37**. 
 +  * To determine the ID of the login page simply click on the **Preview** button in the Login Page applet.  
 +  * This opens a preview of the standard login page with the dynamic_id in the query string. 
 +  * You can then use this value and update the settings of the captive portal. 
 +  * See screenshot below: 
 +<panel type="primary"> 
 +{{:technical:ppsk:simple_register.png?nolink|}} 
 +</panel> 
 + 
 +----- 
 +====== Highlights =====
 +  * The following video summarises all the points we have covered on this page:
 <panel type="info" title="Highlight video of on-boarding process"> <panel type="info" title="Highlight video of on-boarding process">
 {{ :videos:ppsk_registration.mp4 |On-boarding Overview }} {{ :videos:ppsk_registration.mp4 |On-boarding Overview }}
  • technical/ppsk-user-reg.1720529102.txt.gz
  • Last modified: 2024/07/09 14:45
  • by system