Any success with VLAN and PPSK without Radius backend ?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-12-07 13:08:30
Model: OC300  
Hardware Version: V1
Firmware Version: 5.2.19

Hello,

My setup includes a 5.2.19 controller (on OC300) and EAP245 v4 or v3 (1.2.1 or 5.0.7 respectively).

Using an external Freeradius backend, I could positively connect a couple of devices (one Win11 PC, one Android 10 smartphone) to an SSID with Radius VLAN assignment.

For that I followed the steps in [1].

Using the same document, I tried to set things up without using my Radius backend but didn't get any success.

My network requires VLAN setting.

I tried both specifying and not specifying a MAC address for each PPSK entry but didn't get any success.

Have you had any success with VLAN without a Radius backend?

[1] https://www.tp-link.com/us/support/faq/3386/

Best regards

Re:Any success with VLAN and PPSK without Radius backend ?
2023-12-08 03:38:13

  @Oliv2831 

What is the firmware version of the EAP245 V3? EAP245 v4 doesn't support PPSK without radius, as far as I know.

Take a look: Getting To Know PPSK (Private Pre-Shared Key) of Omada EAP Products

Have you seen it? It is pinned in the WiFi section.

Just striving to develop myself while helping others.
Re:Any success with VLAN and PPSK without Radius backend ?
2023-12-08 08:24:36

  @Virgo 

For my tests, I had:

EAP245v3 with 5.0.7

EAP245v4 with 1.2.1

I conducted tests with a single EAP245v3/5.0.7 but I can switch to anything else, if necessary.

1. If my reading of [2] (see table below) is correct, this EAP245v3 qualifies as supporting PPSK, right?

Model No.    Version    original firmware version that supports PPSK
EAP245 (EU/US)    3.0/3.6    EAP245(EU/US)_V3_5.0.5 Build 20220216
EAP245 (CA)    3.0    EAP245(CA)_V3_5.0.5 Build 20220323

2. In [2], in the "PPSK without Radius" section, I can read: "If you enter the MAC address for a PPSK, then only specific clients can use the passphrase for authentication. If you define the VLAN assignment, then the client will connect to the corresponding VLAN after authentication."

Is this the sentence referred to when writing "PPSK without Radius doesn't work with VLAN"?

If positive, could this sentence be rephrased to be more descriptive of what can or can't be done with "PPSK without Radius"?

Did you mean "PPSK without Radius will never work with VLAN" or "PPSK without Radius with VLAN may work in the future"?

3. Anyway, I'm working in hospitality (student housing), and "PPSK without Radius with VLAN" seems a very attractive solution to me as:

- you can handle a single password to an arriving guest, binding this password to a dedicated VLAN (one VLAN per guest) with a blank MAC address

- after a couple of days, you can replace the blank MAC address with the ones used by the guest devices

With this in place:

- you can give connectivity to kinds of devices from PCs/smartphones to smart TVs, game consoles and even IoT thanks to PSK,

- you prevent one guest from lending credentials to an unauthorized one thanks to MAC binding,

- with one VLAN per guest and deterministic NAT, you comply with legal duties without having to store large amounts of log files.

In this landscape, a working "PPSK without Radius with VLAN with or without MAC address", scaling up to 200 guests, would perfectly fit.

An alternative with a Radius backend requires a means to collect MAC addresses, which I'm hesitant to set up.

Thoughts?

[2] https://community.tp-link.com/en/business/forum/topic/620762

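The "one VLAN per guest and deterministic NAT" idea from the post above, as an added example that is not part of the original thread: each guest VLAN gets a fixed public IP and port block, so an abuse report carrying a public IP and source port can be traced back to a guest by arithmetic instead of per-flow NAT logs. The VLAN numbering, the public addresses (documentation range) and the port range are assumptions made for the sketch; only the figure of 200 guests comes from the post.

```python
# Deterministic NAT plan: static port block per guest VLAN (all values constructed).
# Assumptions, not from the thread: guest VLAN IDs are contiguous from FIRST_VLAN,
# and the site NATs guests behind the two documentation-range addresses below.
FIRST_VLAN = 100
GUESTS = 200                                  # scale mentioned in the post
PUBLIC_IPS = ["203.0.113.10", "203.0.113.11"]
PORT_LOW, PORT_HIGH = 1024, 65535             # well-known ports are never handed out


def plan():
    """Return (guests per public IP, ports per guest block)."""
    usable = PORT_HIGH - PORT_LOW + 1
    per_ip = -(-GUESTS // len(PUBLIC_IPS))    # ceiling division
    return per_ip, usable // per_ip


def block_for_vlan(vlan):
    """Forward mapping: guest VLAN -> (public IP, first port, last port)."""
    per_ip, block = plan()
    idx = vlan - FIRST_VLAN
    if not 0 <= idx < GUESTS:
        raise ValueError(f"VLAN {vlan} is not a guest VLAN")
    start = PORT_LOW + (idx % per_ip) * block
    return PUBLIC_IPS[idx // per_ip], start, start + block - 1


def vlan_for_flow(public_ip, port):
    """Reverse mapping used when handling an abuse report.

    Returns the guest VLAN that owns public_ip:port, or None when the
    address or port falls outside every allocated block.
    """
    per_ip, block = plan()
    if public_ip not in PUBLIC_IPS or not PORT_LOW <= port <= PORT_HIGH:
        return None
    slot = (port - PORT_LOW) // block
    if slot >= per_ip:                        # leftover ports at the top of the range
        return None
    idx = PUBLIC_IPS.index(public_ip) * per_ip + slot
    return FIRST_VLAN + idx if idx < GUESTS else None


if __name__ == "__main__":
    for vlan in (100, 101, 299):
        print(vlan, block_for_vlan(vlan))
    print(vlan_for_flow("203.0.113.11", 65000))
```

The mapping only holds if the NAT device is configured with exactly the same blocks, so the plan parameters need to be kept under change control alongside the router configuration.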