Table of Contents
Advertisement
When network users first activate their access to the WLAN with Dynamic PSK enabled, a unique pre-shared
key (PSK) is generated automatically for their authentication. (This was activated by default in the WLAN
Setup Wizard if you selected WPA-PSK as the WLAN Authentication method.)
Enabling Dynamic Pre-Shared Keys on a WLAN
To use DPSK for client authentication, you must enable it for a particular WLAN (if you did not enable it
during the initial ZoneDirector Setup Wizard process).
To enable DPSK for a WLAN:
1.
Go to Configure > WLANs.
2.
Either Edit an existing WLAN or click Create New to open the WLAN configuration form.
3.
Under Type, select Standard Usage.
4.
Under Authentication Options: Method, select MAC Address or Open. (If Open, only Local Database is
available as the authentication server.)
5.
Under Encryption Options: Method, select WPA or WPA2 (not WPA-Mixed, as selecting WPA-Mixed will
disable the option to enable Zero-IT activation).
6.
If using MAC Address authentication, choose an Authentication Server to authenticate clients against,
from either Local Database or RADIUS Server (if you chose Open, only Local Database is available).
7.
Ensure that the Zero-IT Activation check box is enabled.
8.
Next to Dynamic PSK, enable the check box next to Enable Dynamic PSK.
9.
Click OK to save your settings.
This WLAN is now ready to authenticate users using Dynamic Pre-Shared Keys, once their credentials are
verified against either the internal database or an external RADIUS server.
Setting Dynamic Pre-Shared Key Expiration
By default, dynamic pre-shared keys do not expire. You can control when the PSK expires, at which time the
users will be prompted to reactivate their wireless access.
To set the dynamic PSK expiration:
1.
Go to Configure > WLANs.
2.
In the Dynamic PSK section, select the PSK expiration time. Range includes one day to unlimited (never
expires).
3.
Click the Apply button that is in the same section. The new setting goes into effect immediately.
If you change the dynamic PSK expiration period, the new expiration period will only
be applied to new PSKs. Existing PSKs will retain the expiration period that was in
effect when the PSKs were generated. To force expiration, go to Monitor >
Generated PSKs/Certs.
Generating Multiple Dynamic PSKs
If you will be generating DPSKs frequently (for example, to configure school-owned laptops in batch), you
may want to generate multiple DPSKs at once and distribute them to your users in one batch. Before
performing this procedure, check your WLAN settings and make sure that the Dynamic PSK check box is
selected.
To generate multiple dynamic PSKs:
1.
Go to Configure > WLANs.
2.
Scroll down to the Dynamic PSK Batch Generation section.
NXA-WAPZD1000 ZoneDirector Smart WLAN Controller
Each DPSK is bound to the MAC address of an authorized device - even if that PSK is shared with
another user, it will not work for any other machine.
Since each device has its own DPSK, you can also associate a user (or device) name with each key
for easy reference. Each DPSK may also have an expiration date - after that date, the key is no
longer valid and will not work.
DPSKs can be created and removed without impacting any other device on the WLAN.
If a hacker manages to crack the DPSK for one client, it does not expose the other devices which
are encrypting their traffic with their own unique DPSK.
Configure Tab
61
Advertisement
Table of Contents
Troubleshooting
