This is an old revision of the document!
Table of Contents
Private PSK (PPSK) Overview
Introduction
- MESHdesk and APdesk now include support for Private PSKs.
- This feature has been available from some vendors for a while although each vendor has their own unique implementation and sometimes they also have their own terminology.
- Cisco calls it Identity PSK.
- Aruba calls it Multiple Pre-Shared Key (MPSK).
- Ruckus calls it Dynamic PSK.
- Some of the names and technologies have been branded and trademarked.
- This feature provides two main functions.
- The ability for each device that connects to a single SSID to have a unique WPA2 Shared Key.
- The option for each device to be assigned to a predefined VLAN after authentication.
Usage
Your next question might be “OK, so why would I want to use this feature?” or even “Where do you use this feature?”
- We will split this into two categories. One for small deployments and another for large deployments.
Small deployments
- In a small deployment you need a minimum of one Access Point.
- You don't need any VLAN aware equipment, the VLAN assignment will be internal.
- You will typically have:
- A Single SSID that is configured for Private PSK security.
- The On-boarding Captive Portal.
- A LAN bridge
- Zero or more NAT+DHCP networks
- Zero or more OpenVPN bridges.
- Includes small offices or home deployments
Large deployments
- With large deployments you can potentially have hundreds of Access Points all centrally managed using MESHdesk and APdesk.
- These deployments will include working together with other components to provide an integrated solution.
- You will typically have
- A common SSID that is configured for Private PSK security on all the Access Points.
- External / Central on-boarding Captive Portal.
- Multiple VLAN enabled switches.
- A firewall that hosts multiple networks, each of which is linked to a different VLAN.