Does Zyxel Access Points support something similar to Cisco's iPSK?

Tobber
Tobber Posts: 2
First Comment
edited May 21 in Wireless
I need to be able to have individual WPA2-Personal pre-shared keys for IOT devices.

Cisco use their vendor-specific Radius VSA for iPSK (cisco-av-pair EQ psk=password) and Meraki uses the Radius:Tunnel-Password attribute for the Radius server to send back the pre-shared key.

Does Zyxel Access Points have something similar?

All Replies

  • Zyxel_Nami
    Zyxel_Nami Posts: 656  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi Tobber, 

    Zyxel offers a cloud authentication method called Dynamic Personal Pre-Shared Key (DPPSK) that providing each device and network user in the same SSID with a unique encryption key. You can easily access this function in Nebula Professional Pack without additional infrastructure. For the configuration steps, please check this article >> https://community.zyxel.com/en/discussion/10020/nebula-how-to-use-dynamic-password-for-each-client-with-dppsk  

    Hope it helps!

    Nami

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP

    Nami

  • Tobber
    Tobber Posts: 2
    First Comment
    Hi Nami,

    Thanks for the answer :)
    Yes, i know about the DPPSK and have also tested it - but it's not exactly what im looking for.
    With DPPSK you make a "pool" of PSK's, and if You just know one of these, you can connect.

    What im looking for is a way to combine the mac address and the PSK, so that only this mac address can use the specific PSK.
    Thats how the Cisco iPSK is working.
    And i would preferer that this Authentication/Authorization is handled in an external Radius server like FreeRadius or Cisco ISE.

    So if it was possible that the AP could use for instance the "Radius:tunnel-password" attribute for the PSK, then the Radius server could return this.
    This would make the solution a bit more secure in my opinion :)

    /Torben
     
  • Zyxel_Nami
    Zyxel_Nami Posts: 656  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate

    Hi Tobber, 

    DPPSK currently can’t combine with MAC Address for authentication. However, we would like to thank you for sharing this helpful information, and we are going to transfer your concern to our development team and WLAN Idea section for evaluation. 

    Thanks again for being our companion on the journey of delivering and enhancing new features. 

    Nami 

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP

    Nami

  • mMontana
    mMontana Posts: 1,380  Guru Member
    50 Answers 1000 Comments Friend Collector Fifth Anniversary
    @Zyxel_Nami I'd love that this concept could be evaluated also for USGs Wireless Controllers.
  • Zyxel_Nami
    Zyxel_Nami Posts: 656  Zyxel Employee
    Zyxel Certified Network Engineer Level 1 - Switch Zyxel Certified Network Engineer Level 1 - Security Zyxel Certified Network Administrator - Nebula Zyxel Certified Sales Associate
    mMontana said:
    @Zyxel_Nami I'd love that this concept could be evaluated also for USGs Wireless Controllers.
    Hi @mMontana
    Sure, we also bring this topic up on USG Wireless Controllers.

    Engage in the Community, become an MVP, and win exclusive prizes! https://bit.ly/Community_MVP

    Nami