This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Self registration CWP using 802.1x credentials to register and receive PPSK for BYOD devices

Self registration CWP using 802.1x credentials to register and receive PPSK for BYOD devices

sfolk
New Contributor III

Wednesday

@SamPirok 

I can't find any documentation that clearly explains this but is it possible to have a CWP with self registration that forces the client to use their existing AD/radius details to register and therefore then  assigns them a PPSK for their BYOD devices

I would like to do this with the built in capabilities of XIQ and it seems possible as I took this statement from the online help files... 

  • PPSK Self-Registration: This feature provides secure network access and management of employee personal devices. Employees connect to an open-registration wireless network, authenticate using their employee credentials, and receive a PPSK via a captive web portal. PPSKs can be cached in an on-device database (on the AP) or in the cloud. You can choose to grant PPSKs and tailor the experience (firewall, QoS, throughput rates) on a per-device basis. PPSK technology lets you revoke permission for a single user without affecting the entire network. PPSKs can be stored in the cloud, or on an Extreme AP, providing flexibility, scalability, and local survivability

 

I also cannot find any documentation on how to set this up (very frustrating) 

Again, I do not want to use any third party solutions.

Any help appreciated

Regards

0 Kudos
1 REPLY 1

Brent_Addis
Contributor II

Thursday - last edited Thursday

Can't help you with the above, however I wouldn't use it as a long term solution even if you get it going.

A) PPSK does not work with WPA3 which is a requirement for 6ghz, so if you want to use relatively current encryption or wifi 6E/7 moving forwards, you'll have problems.

B) I suspect that document you are viewing is out of date, to my knowledge that support does not exist in EP1, so it'll go away in the coming months.

NB: WPA3 does not allow for the reverse engineering of the passphrase. WPA2 had the passphrase contributing to the master session key which is no longer a thing. This is outside of Extreme's control and affects all vendors.

 

-----
-Brent Addis / Extreme Black Belt #491

New to Extreme? Check out the Welcome series here - https://training.extremenetworks.com/welcome-series-1
Want to join the official Extreme learners discord? Let me know!
0 Kudos
GTM-P2G8KFN