Differences

This shows you the differences between two versions of the page.

--- technical:ppsk-1ssid-2networks [2023/03/09 15:13]
admin [RADIUS related workflow]
+++ technical:ppsk-1ssid-2networks [2024/02/05 18:49] (current)
admin [Introduction]
@@ Line 1: / Line 1: @@
 ====== Private PSK 1 SSID Two Networks ======
 ===== Introduction =====
+<WRAP center round alert 100%>
+  * Please note that of Feb 2024 this component is under active development to make it even more feature rich and easy to use.
+  * Do check back here in order to find out when the development is completed and ready for production.
+</WRAP>
   * This is our first use case and a very simple implementation.
   * With this implementation we will:
@@ Line 14: / Line 20: @@
 ===== The AP side =====
   * We will start with the configuration of the Access Point in AP Desk.
-  * Select a cloud to work in and to to **Networks** -> **AP Profiles**. Click on the **Add** button.
+  * Select a cloud to work in and go to **Networks** -> **AP Profiles**. Click on the **Add** button.
-  * Here we create an AP Profiles called **Campus PSK**.
+  * Here we create an AP Profile called **Campus PSK**.
 {{:technical:psk:ap_profile_new.png?nolink|}}
   * After we created it we will edit it.
@@ Line 94: / Line 100: @@
   * Then edit it after you added it.
   * The following section is very important to specify the Type
-  * We specify a Type as **Private PSK**.
+  * We specify Type as **Private PSK**.
   * We also specify a default VLAN and default key (This matches the values we specified earlier with the SSID)
-  * Then we also opt for the logging of MAC Addresses.
+  * Then we also opt for the logging of MAC Addresses. (This is handy for IOT devices and Printers)
   * These are MAC Addresses which are not known to RADIUS and which will be directed to VLAN5 (Our Captive Portal)
 {{:technical:psk:ap_profile_radius_type.png?nolink|}}
   * Save everything and try to connect to the SSID.
   * If everything works correct you should be redirected to the Captive Portal's Login Page.
+==== Profile for Registered Users ====
+  * RADIUSdesk has an option that allow for users to register through the captive portal login page.
+  * The registered user has to belong the a realm and have a profile.
+  * We will now create the profile.
+  * Our profile will be very simple and just reply with the Tunnel-Password (PSK) which we will make *12345678*.
+  * Navigate to RADIUS -> Profiles. Click on **Add**.
+  * We create one called **CampusPSK-Student**.
+  * Keep the defaults (no limits imposed) and click **Save**.
+  * You will see that the system created a Profile Component and associated it with the profile.
+  * In our case its called **SimpleAdd_59**.
+  * Edit the Profile Component called **SimpleAdd_59** and add a Reply attribute of Tunnel-Password := 12345678.
+{{:technical:ap_profile_user_reg_profile.png?nolink|}}
+  * Now everything is in place for us to configure user registration in the login page.
+==== Enable User Registration ====
+  * Go to Login and select the login page that you use for the captive portal.
+  * Edit its settings and enable user registration.
+  * Make sure you also selected **Auto-add device after authentication**.
+  * Save it.
+  * Everything is now ready to test.
+===== Final Testing =====
+  * Connect to the Captive Portal.
+  * You Login Page should look similar to the one below.
+{{:technical:psk:ppsk_login.jpeg?nolink&400|}}
+  * After you register and logged in you can confirm that the user's MAC Address has been associated with them.
+  * Ask the user to leave the WiFi network and connect again.
+  * The user should now be connected directly onto the LAN through the WiFi.
+  * Here we see under Activity Monitor that the user is connected using PPSK (Our NAS Identifier uses a convention with **ppsk** in the value.
+{{:technical:ap_profile_user_ppsk_nas.png?nolink|}}
+===== Devices Without Browsers =====
+  * The Captive Portal works well for adding devices what has a browser.
+  * Some devices however needs access to the WiFi network but they do not have any screen to pop up a browser.
+  * These include sensors, WiFi Cameras and Printers.
+  * For these we have a handy applet that can be launched from Users -> Permanent Users.
+  * The **Devices Without Owners** applet will list all the MAC Addresses which connected to the SSID and were assigned to the default VLAN.
+{{:technical:psk:ap_profile_devices_no_owners.png?nolink|}}
+  * We also give an indication when last it was seen on the network which makes it even more easy to locate.
+  * On top of that we offer the opportunity to give them an alias in case you need to tag those devices first.
+  * Then you can attach them to a permanent user.
+  * Our recommendation is to have a dedicated special Permanent User for a class of devices. e.g. su-printers for printers and su-cameras (su is short for special user).
+===== Banning Devices =====
+  * You might ask, since all the users will have a common PSK, will it be possible to stop a specific device from gaining access to the network **without** forcing all the other devices to change the PSK they are configured with.
+  * Yes it is possible.
+  * Simply navigate to the BYOD applet and select the device(es) you want to stop the select the Enable / Disable button to complete the action.

RADIUSdesk

Page Tools

Site Tools

User Tools

Differences