724-746-5500 | blackbox.com
Page 134
724-746-5500 | blackbox.com
Chapter 9: Common Configuration Examples
9.4 Example 4: Private PSKs
Private PSKs are unique preshared keys created for individual users on the same SSID.3 They offer unique keys per user and user
profile flexibility (similar to 802.1X) with the simplicity of preshared keys. For this example, the steps for generating, applying, and
distributing private PSK user data are as follows:
1. Define two user profiles.
2. Create two private PSK user groups. Each group includes an attribute that links it to one of the user profiles.
3. Import manually created private PSK users and assign them to one of the two private PSK user groups.
4. Create an SSID that references the private PSK groups and user profiles to which the PSK groups link.
5. Reference the SSID in a WLAN policy.
6. Push the configuration and user database to managed SmartPath APs.
7. E-mail private PSK user data to individuals to use when connecting to the network through the SSID.
NOTE: Before you can e-mail the private PSK user data, you must configure the SMTP server and From Email settings in the
Update Email Service Settings section on the Home > Administration > SmartPath EMS VMA Services page.
An overview of the process is shown in Figure 9-17.
SmartPath EMS
Database
SmartPath EMS Admin
Private PSK
User
SmartPath AP
Database
E-mail private PSK user accounts
directly to users from SmartPath EMS.
While forming an association with the
specified SSID, users enter their PSK
when prompted for a network key.
Users are authenticated.
Update private PSK user
accounts in the SmartPath AP
database and update the
configurationwith a private
PSK SSID.
2
5
* When defining private PSK users,
indicate the SSID you want them
to use in the “Description” field.
Import private PSK
users in a CSV-
formatted file.*
1
4
3
Figure 9-17. Private PSK configuration, application, distribution, and usage.
*NOTE:
It is also possible for groups of users to use the same private PSK. For example, you might find it expedient to create a
single private PSK user for visitors. You then e-mail the private PSK user data to the lobby ambassador to hand out to all
visitors that arrive that week. If you set the validity period so that it recurs on a weekly basis, SmartPath EMS VMA and
the SmartPath APs generate a new PSK for that private PSK user each week. With this approach, the SmartPath APs
update the PSK automatically at the start of each new week, and you simply e-mail the new data from SmartPath EMS
VMA to the lobby ambassador to distribute to that week's visitors. (It is important that the system clocks on SmartPath
EMS VMA and the SmartPath APs be synchronized for this to work properly.)