Does Zyxel Access Points support something similar to Cisco's iPSK?

I need to be able to have individual WPA2-Personal pre-shared keys for IOT devices.

Cisco use their vendor-specific Radius VSA for iPSK (cisco-av-pair EQ psk=password) and Meraki uses the Radius:Tunnel-Password attribute for the Radius server to send back the pre-shared key.

Does Zyxel Access Points have something similar?

All Replies

  • Zyxel_Nami
    Zyxel_Nami Posts: 458  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi Tobber, 

    Zyxel offers a cloud authentication method called Dynamic Personal Pre-Shared Key (DPPSK) that providing each device and network user in the same SSID with a unique encryption key. You can easily access this function in Nebula Professional Pack without additional infrastructure. For the configuration steps, please check this article >> https://community.zyxel.com/en/discussion/10020/nebula-how-to-use-dynamic-password-for-each-client-with-dppsk  

    Hope it helps!

    Nami

    Zyxel Nami

  • Tobber
    Tobber Posts: 2
    First Comment
    Hi Nami,

    Thanks for the answer :)
    Yes, i know about the DPPSK and have also tested it - but it's not exactly what im looking for.
    With DPPSK you make a "pool" of PSK's, and if You just know one of these, you can connect.

    What im looking for is a way to combine the mac address and the PSK, so that only this mac address can use the specific PSK.
    Thats how the Cisco iPSK is working.
    And i would preferer that this Authentication/Authorization is handled in an external Radius server like FreeRadius or Cisco ISE.

    So if it was possible that the AP could use for instance the "Radius:tunnel-password" attribute for the PSK, then the Radius server could return this.
    This would make the solution a bit more secure in my opinion :)

    /Torben
     
  • Zyxel_Nami
    Zyxel_Nami Posts: 458  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    Hi Tobber, 

    DPPSK currently can’t combine with MAC Address for authentication. However, we would like to thank you for sharing this helpful information, and we are going to transfer your concern to our development team and WLAN Idea section for evaluation. 

    Thanks again for being our companion on the journey of delivering and enhancing new features. 

    Nami 

    Zyxel Nami

  • mMontana
    mMontana Posts: 1,298  Guru Member
    First Anniversary 10 Comments Friend Collector First Answer
    @Zyxel_Nami I'd love that this concept could be evaluated also for USGs Wireless Controllers.
  • Zyxel_Nami
    Zyxel_Nami Posts: 458  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    mMontana said:
    @Zyxel_Nami I'd love that this concept could be evaluated also for USGs Wireless Controllers.
    Hi @mMontana
    Sure, we also bring this topic up on USG Wireless Controllers.

    Zyxel Nami