Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
technical:ppsk-1ssid-2networks [2023/03/09 15:16] admin [Add RADIUS Client] |
technical:ppsk-1ssid-2networks [2024/02/05 18:49] (current) admin [Introduction] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Private PSK 1 SSID Two Networks ====== | ====== Private PSK 1 SSID Two Networks ====== | ||
| ===== Introduction ===== | ===== Introduction ===== | ||
| + | <WRAP center round alert 100%> | ||
| + | * Please note that of Feb 2024 this component is under active development to make it even more feature rich and easy to use. | ||
| + | * Do check back here in order to find out when the development is completed and ready for production. | ||
| + | </ | ||
| + | |||
| + | |||
| * This is our first use case and a very simple implementation. | * This is our first use case and a very simple implementation. | ||
| * With this implementation we will: | * With this implementation we will: | ||
| Line 14: | Line 20: | ||
| ===== The AP side ===== | ===== The AP side ===== | ||
| * We will start with the configuration of the Access Point in AP Desk. | * We will start with the configuration of the Access Point in AP Desk. | ||
| - | * Select a cloud to work in and to to **Networks** -> **AP Profiles**. Click on the **Add** button. | + | * Select a cloud to work in and go to **Networks** -> **AP Profiles**. Click on the **Add** button. |
| - | * Here we create an AP Profiles | + | * Here we create an AP Profile |
| {{: | {{: | ||
| * After we created it we will edit it. | * After we created it we will edit it. | ||
| Line 101: | Line 107: | ||
| * Save everything and try to connect to the SSID. | * Save everything and try to connect to the SSID. | ||
| * If everything works correct you should be redirected to the Captive Portal' | * If everything works correct you should be redirected to the Captive Portal' | ||
| + | |||
| + | ==== Profile for Registered Users ==== | ||
| + | * RADIUSdesk has an option that allow for users to register through the captive portal login page. | ||
| + | * The registered user has to belong the a realm and have a profile. | ||
| + | * We will now create the profile. | ||
| + | * Our profile will be very simple and just reply with the Tunnel-Password (PSK) which we will make *12345678*. | ||
| + | * Navigate to RADIUS -> Profiles. Click on **Add**. | ||
| + | * We create one called **CampusPSK-Student**. | ||
| + | * Keep the defaults (no limits imposed) and click **Save**. | ||
| + | * You will see that the system created a Profile Component and associated it with the profile. | ||
| + | * In our case its called **SimpleAdd_59**. | ||
| + | * Edit the Profile Component called **SimpleAdd_59** and add a Reply attribute of Tunnel-Password := 12345678. | ||
| + | {{: | ||
| + | * Now everything is in place for us to configure user registration in the login page. | ||
| + | |||
| + | ==== Enable User Registration ==== | ||
| + | * Go to Login and select the login page that you use for the captive portal. | ||
| + | * Edit its settings and enable user registration. | ||
| + | * Make sure you also selected **Auto-add device after authentication**. | ||
| + | * Save it. | ||
| + | * Everything is now ready to test. | ||
| + | |||
| + | ===== Final Testing ===== | ||
| + | * Connect to the Captive Portal. | ||
| + | * You Login Page should look similar to the one below. | ||
| + | {{: | ||
| + | * After you register and logged in you can confirm that the user's MAC Address has been associated with them. | ||
| + | * Ask the user to leave the WiFi network and connect again. | ||
| + | * The user should now be connected directly onto the LAN through the WiFi. | ||
| + | * Here we see under Activity Monitor that the user is connected using PPSK (Our NAS Identifier uses a convention with **ppsk** in the value. | ||
| + | {{: | ||
| + | |||
| + | ===== Devices Without Browsers ===== | ||
| + | * The Captive Portal works well for adding devices what has a browser. | ||
| + | * Some devices however needs access to the WiFi network but they do not have any screen to pop up a browser. | ||
| + | * These include sensors, WiFi Cameras and Printers. | ||
| + | * For these we have a handy applet that can be launched from Users -> Permanent Users. | ||
| + | * The **Devices Without Owners** applet will list all the MAC Addresses which connected to the SSID and were assigned to the default VLAN. | ||
| + | {{: | ||
| + | * We also give an indication when last it was seen on the network which makes it even more easy to locate. | ||
| + | * On top of that we offer the opportunity to give them an alias in case you need to tag those devices first. | ||
| + | * Then you can attach them to a permanent user. | ||
| + | * Our recommendation is to have a dedicated special Permanent User for a class of devices. e.g. su-printers for printers and su-cameras (su is short for special user). | ||
| + | |||
| + | ===== Banning Devices ===== | ||
| + | * You might ask, since all the users will have a common PSK, will it be possible to stop a specific device from gaining access to the network **without** forcing all the other devices to change the PSK they are configured with. | ||
| + | * Yes it is possible. | ||
| + | * Simply navigate to the BYOD applet and select the device(es) you want to stop the select the Enable / Disable button to complete the action. | ||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||
| + | |||