Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
technical:ppsk-user-reg [2024/07/09 15:24] systemtechnical:ppsk-user-reg [2024/07/09 19:46] (current) system
Line 8: Line 8:
   * RADIUSdesk enables the fast onboarding of new users in a PPSK enabled network.   * RADIUSdesk enables the fast onboarding of new users in a PPSK enabled network.
   * The onboarding process consists of the following steps   * The onboarding process consists of the following steps
-       - The user connects to an SSID that has PPSK enabled, using the shared key **used for onboarding**. +       - The user connects to an SSID that has PPSK enabled with the shared key **used for onboarding**. 
-       - The user is shown a landing page on the captive portal where they can register and select their PPSK. +       - The user is shown a landing page on the captive portal where they can register and select their own PPSK. 
-       - The user disconnects and reconnects with their own PPSK to gain full internet access. +       - The user disconnects and reconnects with their own PPSK to gain full Internet access. 
-  * This page describes the most important points you need to pay attention to in order to achieve a functioning setup.+  * This page describes the most important points you need to consider in order to achieve a functioning setup.
  
 ----- -----
 ===== Planning the VLANs ===== ===== Planning the VLANs =====
-  * The PPSK solution in RADIUSdesk requires you to specify the VLANs you want to use.+  * With the PPSK solution in RADIUSdeskyou must specify the VLANs that you want to use.
   * They are connected to a realm.   * They are connected to a realm.
-  * In the screenshot below you can see that we have specified VLAN 5 and also VLAN 100-110.+  * On the screenshot below you can see that we have specified VLAN 5 and also VLAN 100-110.
   * We will use VLAN 5 for the Captive Portal network.   * We will use VLAN 5 for the Captive Portal network.
 <panel type="primary"> <panel type="primary">
Line 26: Line 26:
 ===== The onboarding user ===== ===== The onboarding user =====
   * We create an onboarding user with a PPSK that is easy to remember.   * We create an onboarding user with a PPSK that is easy to remember.
-  * This is passed on to users who want to register.+  * This is given to users who want to register to connect to the WiFi network.
   * The onboarding user is also assigned the VLAN that we use for the Captive Portal network (VLAN 5).   * The onboarding user is also assigned the VLAN that we use for the Captive Portal network (VLAN 5).
 <panel type="primary"> <panel type="primary">
Line 35: Line 35:
 ----- -----
 ===== The Captive Portal ===== ===== The Captive Portal =====
-  * We need to modify the standard captive portal that is created by the RADIUSdesk Wizard+  * We need to change the default captive portal created by the RADIUSdesk wizard
-  * We will connect it with VLAN 5. +  * We will connect it to VLAN 5. 
-  * To have VLAN 5 as a selectable option, we have to add it to the AP Profile or Mesh network.+  * To have VLAN 5 as a selectable option, we need to add it to the AP profile or mesh network.
 <panel type="primary"> <panel type="primary">
 {{:technical:ppsk:ap_desk_vlan.png?nolink|}} {{:technical:ppsk:ap_desk_vlan.png?nolink|}}
 </panel> </panel>
-  * The captive portal also connects with the SSID that has PPSK with RADIUS encryption enabled. + 
-  * This is just a formality and the actual network which a client will be assigned to will be determined by the RADIUS server.+<alert type="success" icon="glyphicon glyphicon-bullhorn"> 
 +  * The VLANs that we define here are separate from the VLANs that are connected to the realm (RADIUS side)  
 +  * The VLANs we define here can be used internally in a mesh network or access point without the need for a VLAN-enabled switch. 
 +  * If you have a larger setup where the VLANs and their NAT/DHCP networks are provided by another vendor, you only need VLAN 5 for the Captive Portal 
 +</alert> 
 + 
 +  * The captive portal also connects to the SSID for which PPSK with RADIUS encryption is enabled. 
 +  * This is only a formality. The actual network to which a client is assigned is determined by RADIUS.
 <panel type="primary"> <panel type="primary">
 {{:technical:ppsk:ppsk_captive1.png?nolink|}} {{:technical:ppsk:ppsk_captive1.png?nolink|}}
 </panel>  </panel> 
  
 +------
 ===== Enable user registration ===== ===== Enable user registration =====
-  * We need to modify the standard captive portal that is created by the RADIUSdesk Wizard+  * User registration is enabled under the settings of the login page used by the captive portal
-  * We will connect it with VLAN 5.+  * We have an option called **Require Private PSK (PPSK)** which also needs to be enabled. 
 +  * Then there are three options for VLAN assignment during registration. 
 +     - **No VLAN** - No VLAN will be assigned to the newly created user. 
 +     - **Preselect** - Select one of the VLANs which are associated with the realm which you specified the new user should belong to. This is useful if you want to perform some checks after registration before assigning the final VLAN. 
 +     - **Next Available** - The system selects the next available VLAN from the pool of VLANs of the realm to which the new user is to belong. If the pool is exhausted, the registration fails with a corresponding message. 
 +<panel type="primary"> 
 +{{:technical:ppsk:user_registration.png?nolink|}} 
 +</panel>
  
 +-----
 ===== The landing page ===== ===== The landing page =====
 +  * There are two options for the landing page.
 +    - You can use the default Captive Portal login page which you have enabled user registration and checked **Require Private PSK (PPSK)**.
 +    - You can use the simplified Registration Only page (you still need to enable user registration)
 +  * The URL for the default Captive Portal login page is as follows: https://cloud.radiusdesk.com/cake4/rd_cake/dynamic-details/chilli-browser-detect/ (Replace the FQDN with the FQDN of your RADIUSdesk server)
 +  * The URL for the simplified register only page is as follows: https://cloud.radiusdesk.com/login/ppsk_register/index.html (Replace the FQDN with the FQDN of your RADIUSdesk server)
 +  * For the simplified registration only page you must also append the ID of the login page, e.g. **?dynamic_id=37**.
 +  * To determine the ID of the login page simply click on the **Preview** button in the Login Page applet. 
 +  * This opens a preview of the standard login page with the dynamic_id in the query string.
 +  * You can then use this value and update the settings of the captive portal.
 +  * See screenshot below:
 +<panel type="primary">
 +{{:technical:ppsk:simple_register.png?nolink|}}
 +</panel>
  
 +-----
 ====== Highlights ====== ====== Highlights ======
 +  * The following video summarises all the points we have covered on this page:
 <panel type="info" title="Highlight video of on-boarding process"> <panel type="info" title="Highlight video of on-boarding process">
 {{ :videos:ppsk_registration.mp4 |On-boarding Overview }} {{ :videos:ppsk_registration.mp4 |On-boarding Overview }}
  • technical/ppsk-user-reg.1720531480.txt.gz
  • Last modified: 2024/07/09 15:24
  • by system