This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Network Management & Authentication
- ExtremeCloud IQ
- Re: PPSk self registration with Authentication?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
PPSk self registration with Authentication?
PPSk self registration with Authentication?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
12-14-2021 09:49 PM
We are a High School and have staff and students all connecting through radius 802.1x and being assigned into vlans/usergroups based on year levels.
this has worked for years successfully except for the constant issues with clients,ie different brands of phones ,Chromebooks etc not detecting 802.1x settings correctly like auth type, no certificate validation etc.The latest androids are getting better and of course apple devices just work.
I want to move to PPSK to avoid this and realize I can either bulk make/import 600 users, assign user profiles and send out PPSK detail(seems a lot of duplication)
I can't find any documentation that clearly explains but is it possible to have a CWP self registration that forces the client to use their existing AD/radius details to register and therefore then assigns them a PPSK that also places them into the appropriate vlan/user profile as before. Even If after they registered I had to manually assign the userprofiles can I force them to register with a legitimate name or is the CWP only for guest type use.
Is there another alternative that I have missed.
this has worked for years successfully except for the constant issues with clients,ie different brands of phones ,Chromebooks etc not detecting 802.1x settings correctly like auth type, no certificate validation etc.The latest androids are getting better and of course apple devices just work.
I want to move to PPSK to avoid this and realize I can either bulk make/import 600 users, assign user profiles and send out PPSK detail(seems a lot of duplication)
I can't find any documentation that clearly explains but is it possible to have a CWP self registration that forces the client to use their existing AD/radius details to register and therefore then assigns them a PPSK that also places them into the appropriate vlan/user profile as before. Even If after they registered I had to manually assign the userprofiles can I force them to register with a legitimate name or is the CWP only for guest type use.
Is there another alternative that I have missed.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
06-21-2023 11:42 AM
I have a very similar question as per @admin32 mainly this part...
"I can't find any documentation that clearly explains but is it possible to have a CWP self registration that forces the client to use their existing AD/radius details to register and therefore then assigns them a PPSK"
I would like to do this with the built in capabilities of XIQ and it seems possible as I took this statement from the online help files...
- PPSK Self-Registration: This feature provides secure network access and management of employee personal devices. Employees connect to an open-registration wireless network, authenticate using their employee credentials, and receive a PPSK via a captive web portal. PPSKs can be cached in an on-device database (on the AP) or in the cloud. You can choose to grant PPSKs and tailor the experience (firewall, QoS, throughput rates) on a per-device basis. PPSK technology lets you revoke permission for a single user without affecting the entire network. PPSKs can be stored in the cloud, or on an Extreme AP, providing flexibility, scalability, and local survivability
I also cannot find any documentation on how to set this up (very frustrating)
Again, I do not want to use any third party solutions.
Any help appreciated
Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-10-2022 05:38 AM
Did you had a look to Wiflex? It's a third party that have an integration with Azure/Office365 and google Workspace to onboard users with ppsk in different vlans.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
07-17-2022 06:12 PM
Hi,
we have built a solution exactly to address this use case.
Cusna provides easy user onboarding via a user portal where we can enable SSO with AD.
Cusna automatically provision PPSK in ExtremeCloud IQ and provide a user portal where they can change their passphrase as well.
https://cusna.io
we have built a solution exactly to address this use case.
Cusna provides easy user onboarding via a user portal where we can enable SSO with AD.
Cusna automatically provision PPSK in ExtremeCloud IQ and provide a user portal where they can change their passphrase as well.
https://cusna.io
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
12-17-2021 02:22 PM
Hi,
I can't give advice as I've never done it before but you could take a look into the below guide on page#20.
PPSK Guide
-Ron
I can't give advice as I've never done it before but you could take a look into the below guide on page#20.
PPSK Guide
-Ron
