MPSK groups
Users can batch generate or import MPSK keys, export MPSK keys to a CSV file, dynamically assign VLANs based on used MPSK, and apply an MPSK schedule in the GUI.
In the GUI, MPSK key entries are organized in different MPSK groups. An MPSK group can be created manually or imported. When MPSK is enabled, the previous single passphrase is dropped and a dynamic VLAN is automatically enabled.
In the CLI, an mpsk-profile
is assigned in the VAP settings and MPSK is enabled. The dynamic VLAN is automatically enabled. Only one MPSK profile can be assigned to one VAP at a time.
To use an MPSK group in the GUI:
- Go to WiFi & Switch Controller > SSIDs and click Create New > SSID.
- Enter a name and ensure the Security mode is set to WPA2 Personal.
- In the Pre-shared Key section, select a Mode (Multiple is used in this example).
- In the table, click Add > Create Group.
- Enter a group name and VLAN ID.
- Configure the pre-shared key settings:
- In the table, click Add > Generate Keys.
- Configure the settings as needed and click OK.
- Click OK to close the Pre-shared Key Group window.
- Click OK.
- Go to WiFi & Switch Controller > WiFi Clients to view the MPSK name in the Pre-shared Key column.
To use an MPSK profile in the CLI:
- Configure the MPSK profile:
config wireless-controller mpsk-profile edit "wifi-mpsk" config mpsk-group edit "group-a" set vlan-type fixed-vlan set vlan-id 10 config mpsk-key edit "key-a-1" set passphrase ENC set mpsk-schedules "always" next end next edit "group-b" set vlan-type fixed-vlan set vlan-id 20 config mpsk-key edit "key-b-1" set passphrase ENC set concurrent-client-limit-type unlimited set mpsk-schedules "always" next end next end next end
- Configure the VAP settings:
config wireless-controller vap edit "wifi-mpsk" set ssid "wifi-mpsk" set local-bridging enable set schedule "always" set mpsk-profile "wifi-mpsk" set dynamic-vlan enable next end
- Verify the event log after the WiFi client is connected:
1: date=2020-07-10 time=16:57:20 logid="0104043573" type="event" subtype="wireless" level="notice" vd="root" eventtime=1594425440439070726 tz="-0700" logdesc="Wireless client authenticated" sn="FP423E3X16000320" ap="FP423E3X16000320" vap="wifi-mpsk" ssid="wifi-mpsk" radioid=2 user="N/A" group="N/A" stamac="3c:2e:ff:83:91:33" srcip=10.0.10.2 channel=144 radioband="802.11ac" signal=-52 snr=50 security="WPA2 Personal" encryption="AES" action="client-authentication" reason="Reserved 0" mpsk="key-a-1" msg="Client 3c:2e:ff:83:91:33 authenticated."