Table of Contents
Advertisement
Chapter 9: Common Configuration Examples
9.4.1 Private PSK Enhancements
You can set up a captive Web portal that allows users to self-register and receive their own, individual private PSKs (preshared
keys). In addition, you can configure a SmartPath AP to generate sets of private PSK users with admin-defined validity periods,
which is convenient for users such as contractors that require temporary network access for lengths of time longer than a day.
Private PSK Self-Registration
You can configure an SSID with a captive Web portal so that when users register, they receive their own private PSKs and the
name of a second SSID with which to associate by entering their newly acquired PSK. To accomplish this, one or more SmartPath
APs act as authenticators and one of them also acts as a private PSK server. Users associate with an authenticator on an open
SSID referred to as the "registration SSID." When they open a Web browser and attempt to make an HTTP connection, the
authenticator captures the HTTP traffic and redirects it to the captive Web portal on the private PSK server, which presents a
registration page to the users. After they register, the private PSK server redirects them back to the captive Web portal on the
authenticator with which they are associated. The authenticator then displays a "successful registration" page that contains the
private PSK and name of the SSID with which the user must associate next. This procedure completely eliminates the need for an
administrator or receptionist to distribute private PSKs to users. The users automatically get PSKs for themselves by registering on
a captive Web portal.
NOTE: The configuration steps below assume that the private PSK authenticator and server are on different SmartPath APs to
differentiate their roles clearly. However, a single SmartPath AP can act as both a private PSK authenticator and server.
Step 1: Make a Private PSK User Group
Create a user group for automatically generated private PSK users. All users added to this group automatically inherit the
attributes that you set for the group.
Click "Configuration > Advanced Configuration > Authentication > Local User Groups > New," enter the following, and then click
"Save:"
User Group Name: Type a unique name for the user group. Including the user profile attribute number in the name helps ensure
that you later assign user groups and user profiles with the same attribute in the SSID.
Description: Type a useful note for later reference.
Automatically generated private PSK users:
User Profile Attribute: Type the attribute number for the user group. The SmartPath AP uses this to reference a user profile with
the same number to members of this group.
VLAN ID: Type the VLAN ID that you want SmartPath APs to assign to traffic from users in this group. If you leave this empty,
SmartPath APs assign traffic to the VLAN ID set in the user profile. If you specify a VLAN ID here, it supersedes the one defined in
the user profile.
Reauthorization Time: Use the default setting of 1800 seconds (30 minutes) or set a new one from 600 to 86400 seconds (10
minutes to 24 hours). If you enter 0, clients do not have to reauthorize themselves.
User Name Prefix: Type a text string to be added to the beginning of all automatically generated private PSK users.
Private PSK Secret: Type a random string of up to 64 characters to be used as part of the PSK generation process.
Step 2: Add Users to the Group
Create a number of users and add them to the private PSK user group.
Click "Configuration > Advanced Configuration > Authentication > Local Users > Bulk," enter the following, and then click
"Create:"
Create Users under Group: From the drop-down list, choose the name of the group configured in Step 1.
724-746-5500 | blackbox.com
Page 135
Advertisement
Chapters
Table of Contents
