What Is PPSK

 

A private Pre-Shared Key (PPSK for short) is a security solution in which individual client devices can be managed without much complexity. With PPSK, each user is assigned a unique passphrase for authentication. Also, it allows the binding of a passphrase and the device MAC address(es), and thus only the specified device can be authenticated using the passphrase. In PPSK, you can create the PPSK list and apply them to multiple wireless networks, saving you from repeatedly setting up the same information.

 

Omada SDN Controller supports two types of PPSK, PPSK without RADIUS and PPSK with RADIUS.

 

PPSK without RADIUS: Just create PPSK profiles on Omada SDN Controller.
PPSK with RADIUS:

• EAP works as a Network Access Server (NAS). You need to create clients in the RADIUS server to allow the EAPs to submit authentication requests.
• When the client connects to the SSID, EAP uses the MAC address of the client (in the format "xx:xx:xx:xx:xx") as the RADIUS User and User-password, the submitted PPSK as the Tunnel-password and submits the information to the RADIUS server for authentication. Therefore, you need to create users in the RADIUS server in the appropriate format.

 

 

How to Configure The PPSK Function

 

Kind Notes:

(1) When 6GHz is turned on, Security cannot be PPSK with/without RADIUS since 6GHz does not suppport them, please uncheck the 6GHz box so that you can configure the security with PPSK.

(2) If the EAP doesn't support PPSK without RADIUS, there will be an issue characterized by client devices being unable to detect the SSID on either frequency band, as the EAP will not broadcast SSID with PPSK without RADIUS configuration. So please make sure the current firmware version of your EAPs supports PPSK without RADIUS.

 

1. Configuration Guide for PPSK without RADIUS.

 

First, create a new PPSK profile by Settings --> Profiles --> PPSK, name the profile, and add PPSKs manually, automatically, or by import. Please refer to the User Guide for more information about the PPSK profile.

 

The following figure creates a PPSK. The name “TP-Link” is used to identify the PPSK, while the passphrase “tplink123” is used for authentication when clients connect to Wi-Fi.

 

If you enter the MAC address for a PPSK, then only specific clients can use the passphrase for authentication. If you define the VLAN assignment, then the client will connect to the corresponding VLAN after authentication.

 

 

After creating the PPSK profile, go to Settings --> Wireless Networks, create a new wireless network, and select PPSK without RADIUS and the PPSK profile.

 

 

 

2. Configuration Guide for PPSK with RADIUS.

 

Step 1. Set up the RADIUS server.

 

Here we are running a FreeRADIUS^® server on a Linux server. For more information on installation and configuration, please refer to the FreeRADIUS documentation.

First, edit the “clients.conf” file. Here we assume that the EAPs are located in the network 192.168.0.0/24, and the shared secret used for communication between the EAPs and the RADIUS server is “tplink”, then the “clients.conf” file is configured like this:

 

 

 

Next, edit the “users” file. With the configuration shown below, three PPSK profiles are created.

 

 

• When the client with MAC address “xx:xx:xx:xx:xx:xx” submits PPSK “xxx_tplink”, it will be authenticated.

• When the client with MAC address “yy:yy:yy:yy:yy:yy” submits PPSK “yyy_tplink”, it will be authenticated and connected to the network of VLAN 10.

• When a client with an unknown MAC address submits the default password “default”, it will be authenticated and connected to the “Guest” network of VLAN 20.

 

 

Step 2. Create the RADIUS profile.

 

Go to Settings --> Authentication --> RADIUS Profile, and create a new profile bound to the RADIUS server. If necessary, note to check “Enable VLAN Assignment for Wireless Network”.

 

 

 

Step 3. Create more interfaces for VLAN assignments (optional)

 

Go to Settings --- Wired Networks --- LAN, and create two interfaces with VLAN10 and VLAN20.

 

 

 

Step 4. Create a wireless network encrypted with PPSK with RADIUS

 

Go to Settings – Wireless Networks and create the new wireless network shown below.

 

 

The Original Firmware Version of EAPs that Supports PPSK

 

Supported:

 

Model No.	Version	original firmware version that supports PPSK
Ceiling Mount EAPs
EAP690E HD(EU)	1.0	Latest Firmware
EAP680	1.0	Latest Firmware
EAP670(EU/US)	1.0/1.6	EAP670(EU/US)_V1_1.0.6 Build 20220921
EAP660 HD (EU/US)	1.0/1.6	EAP660HD(EU)_V1_1.1.1 Build 20220118
EAP653(EU/US/CA/JP)	1.0/1.6	EAP653(EU/US/CA/JP)_V1_1.0.4 Build 20220921
EAP650(EU/US/CA/JP)	1.0/1.6	EAP650((EU/US/CA/JP))_V1_1.0.6 Build 20220921
EAP650	2.0/2.6	Latest Firmware
EAP620 HD(EU/US)	1.0/1.6	EAP620HD(EU&US)_V1_1.1.0_Build 20230303 (Beta)
EAP620 HD (EU/US/CA/JP)	2.0/2.6	EAP620 HD((EU/US/CA/JP)_V2_1.0.3 Build 20220325
EAP620 HD	3.0/3.6	Latest Firmware
EAP613(EU/US/JP)	1.0/1.6	EAP613(EU&US&JP)_V1_1.4.0_Build 20230718 (Beta)
EAP610(EU/US)	1.0/1.6	EAP610(EU/US)_V1_1.0.4 Build 20220325
EAP610(EU/US/CA/JP/EG)	2.0/2.6	EAP610(EU&US&CA&JP&EG)_V2_1.1.3_Build 20230814 (Beta)
EAP610(EU/US/CA/JP/EG)	3.0/3.6	EAP610(EU&US&CA&JP&EG)_V3_1.4.0_Build 20230718 (Beta)
EAP265 HD	1.0/1.6	EAP265HD(EU)_V1_5.0.5_Build 20220216
EAP245 (EU/US)	3.0/3.6	EAP245(EU/US)_V3_5.0.5 Build 20220216
EAP245 (CA)	3.0	EAP245(CA)_V3_5.0.5 Build 20220323
EAP225 (EU/US)	3.0/3.2/3.6	EAP225(EU/US)_V3_5.0.8 Build 20220118
EAP225 (CA)	3.0	EAP225(CA)_V3_5.0.8 Build 20220225
EAP225(EU/US)	4.0	EAP225(EU/US)_V4_5.1.0 Build 20220926
EAP223(EU/US)	2.0	Latest Firmware
EAP115(EU/US)	4.0/4.6	EAP115(EU/US)_V4_5.0.4 Build 20220216
EAP110(EU/US)	4.0/4.6	EAP110(EU/US)_V4_5.0.4 Build 20220216
Outdoor EAPs
EAP650-Outdoor（US）	1.0	EAP650-Outdoor(US)_V1_1.0.4 Build 20230421
EAP610-Outdoor(EU/US/CA/JP)	1.0	EAP610-Outdoor(EU/US/CA/JP)_V1_1.1.3 Build 20230330
EAP225-Outdoor(EU/US)	1.0	EAP225-Outdoor(EU/US)_V1_5.0.8 Build 20220118
EAP225-Outdoor(EU/US)	3.0	EAP225-Outdoor(EU/US)_V3_5.1.0 Build 20220926
EAP110-Outdoor(EU/US)	3.0	EAP110-Outdoor(EU/US)_V3_5.0.4 Build 2022021
Wall Plate EAPs
EAP655-Wall(EU/US/CA/JP)	1.0/1.6	EAP655-WALL(EU&US&CA&JP)_V1_1.2.0_Build 20230717 (Beta)
EAP650-Wall(EU/US)	1.0	EAP650-WALL(EU/US)_V1_1.1.1_Build 20230814 (Beta)
EAP615-Wall(EU/US/CA/JP)	1.0/1.8/1.6	EAP615-Wall(EU/US/CA/JP)_V1_1.1.3 Build 20220921
EAP235-Wall(EU/US/CA/JP)	1.0	EAP235-Wall(EU/US/CA/JP)_V1_3.1.1 Build 20230414
EAP230-Wall(EU)	1.0	EAP230-Wall(EU)_V1_3.1.1 Build 20230414
EAP115-Wall(EU)	1.0	EAP115-Wall(EU)_V1_5.0.4 Build 20220216

 

 

Planned* :

 

Model No.	Version
Ceiling Mount EAPs
EAP670	2.0/2.6
EAP660 HD	2.0/2.6
EAP245	4.0
EAP225	5.0/5.6
EAP223(EU/US)	1.0
Outdoor EAPs
EAP113-Outdoor	1.0

 

Note:

1. Planned* : Kindly note that Planned is not a guarantee, as the plan can be adjusted or changed, and TP-Link reserves the right to update the list at any time without notifying the user.

2. The above list might not include all models and hardware versions. It is recommended to keep watching the firmware releases for your EAPs, as the PPSK will be listed in the patch notes if/when it is added to your version. Rest assured, we will keep the list constantly updated.

3. If you have a pre-sales consultation, we kindly request you to refer to the product SPEC/UG/CG/FW release notes and other publicly available materials first. This will help ensure that the feature you require is supported before making a purchase.

4. The original and subsequent versions of the firmware in the list above all support PPSK without RADIUS.

 

 

Recommended Threads

Current Available Solutions to Omada EAP Related Issues [Constantly Updated]

Essence Posts Summary (Newbie Must-See)

Experience the Latest Omada EAP Firmware - Trial Available Here, Subscribe for Updates!

How to Upgrade or Downgrade the Firmware of Omada EAPs