Extreme Networks

herta_vandeneyn · ‎09-19-2019

For guests who visit our company for a short period of time, we used to create PPSKs with MAC-binding and had set credentials to be deleted after a few days.

When those visitors return, possibly months later, we generate a new PPSK, but they cannot reconnect.

Sometimes, though rarely, it is sufficient to have their device 'forget' about the connection.

Sometimes, we have to unbind the MAC/PPSK Binding in HiveManager, but usually we can only do this based on the MAC-address. It usually is not enough.

Sometimes, the visitor still has the mail with the previous PPSK, in which case we can register the old PPSK to the new user entry.

Most of the time it is a tedious process, which is highly inconvenient.

I searched the AP which safeguards the MAC-PPSK binding, but I cannot find a command that will list which MAC-PPSK bindings exist, nor how to remove them.

Is there such a command?

Is there an easier way of dealing with these obsolete records?

samantha_lynn · ‎09-19-2019

I can't speak to known MS windows issues, but from our side of things it may be more about the AP cache remembering the user rather than the user remembering the SSID. Although, if you're no longer using mac-binding and you've updated all the APs, that shouldn't be an issue either. It might be worth opening a case with our tech support team so they can investigate for you and find a definitive answer.

herta_vandeneyn · ‎09-19-2019

That helps a lot, Sam. Thanks.

I now understand that the SSID is the name of the Wireless Network.

When I now enter "_test auth mac-bind show <ssid profile name>" using an SSID that still does MAC-bindings, I get the list of all MAC-addresses associated with that SSID, so that pretty much covers my first question.

When I use the 'guest-users' SSID, it returns:

"ppsk data of SSID(guest-users) does not existed"

which could be correct. A couple of weeks ago, we changed the settings and no longer use MAC-PPSK-bindings for this SSID. It may be that that operation deleted all the bindings that previously existed for this SSID.

Still puzzled, though. Why can't the user's laptop 'Forget' this SSID and reconnect to it using the new PPSK?

Is this is a (known?) MS Windows issue rather than an Aerohive issue?

samantha_lynn · ‎09-19-2019

For the first command, you can leave off the <mac address> part at the end to see all bindings for that SSID. For the <ssid profile name> you'll want to enter your SSID name. For instance, if the SSID were named "Guest", the command would be "_test auth mac-bind show guest", without the quotations.

For the second command, you'll want to enter the SSID name again for the <ssid> part, then the user mac address you want to unbind for the <mac-address> part, then the user password for the <password> part. So again if the SSID name was guest, the Mac address was ab12:cd34:ef56, and their user password was "mypassword", then the command would be "exec auth guest ppsk-mac-unbinding mac-ppsk ab12:cd34:ef56 mypassword".

I can submit a feature request for you, to see if we can add the functionality to remove mac bindings once the credentials expire to a future release, if you'd like?

herta_vandeneyn · ‎09-19-2019

Thanks for your prompt reply, Sam.

Unfortunately, I have no idea what to enter as <ssid profile name> in the first command, or as <SSID> and <password> in the second.

Ideally, there'd be a command that lists all MAC-PPSK-bindings.

Ideally, the MAC-PPSK bindings would disappear when the credentials can no longer be renewed.

Extreme Networks

list existing MAC-PPSK bindings + command to remove them?

list existing MAC-PPSK bindings + command to remove them?