[NEBULA] How to use dynamic password for each client with DPPSK?

Zyxel_Joslyn
Zyxel_Joslyn Posts: 360  Zyxel Employee
25 Answers First Comment Friend Collector Fourth Anniversary
edited June 21 in SSID
Where to find: 
DPPSK database: Configure > Cloud authentication > DPPSK (NCC Pro-Pack)
Enable DPPSK: Configure > Access point > SSID advanced setting > Network access > Dynamic personal psk.
Function description: 
Just like WPA2-Personal, users must input a password/passphrase to access the wireless network. Each wireless client can have a unique password resulting in unique encryption key. It also supports dynamic VLAN assignment.
Scenario: 
4 hotel guests book rooms for 2 nights and purchase Wi-Fi service during their stay. Hotel desk provides unique Wi-Fi codes for each hotel guests to access network.

Configuration: 
1. Go to Configure > Access points > SSID settings > Turn on Advanced Mode > Click Edit to do SSID advanced settings. 

2. Choose "Dynamic personal psk". "Users can enter this backup key to associate" is an optional function. Click "Back" and then "Save".

3. Configure > Cloud authentication, select DPPSK.

4. Click "Add", and choose "Batch create DPPSK".

5. Create 4 DPPSKs for 2 days. Enter VLAN id if you have created specific vlan interface fof the DPPSK users.

Enter the email address in “E-mail account info to” the copy of each user account’s dynamic personal pre-shared key (DPPSK) and expiry date will send to the specified email address. Currently, the DPPSK email content and format cannot be customized.


6. Choose the DPPSK users and click the "Print".

7. The DPPSK information will pop out.

Verifacation:
Use the DPPSK account to access the Wi-Fi network.




Note.
1. "Users can enter this backup key to associate": This is an optional setting. The hotel desk can record this password. When the users who lose the DPPSKs, the hotel desk can tell the customers to use this password first before they get another DPPSK.
2. MAC-based Authentication cannot be enabled with DPPSK.

3. Nebula CC also allows single DPPSK account creation.


4. Nebula users can create unlimited DPPSK accounts, but only 2048 entries can be authorized at any given time. If authorized account exceeds 2048, oldest accounts created sets to unauthorized.
5. 
Non-supported models disable SSID with DPPSK enabled.
6. We recommend adding the trust domain "nebula.zyxel.com" to mail server. This will ensure that emails from Nebula are not dropped or flagged as spam