Identity Private IPSK
Unique pre-shared keys created for individuals or groups of users on the same SSID. They allow for the flexibility of using the same SSID for everything PSK related whilst still having different keys and different rights on the network.
Its simplicity removes any complex configuration for the client, and as it is supported on most devices is suited for IoT, BYOD and guest deployments.
Splash Access’ standalone IPSK module integrates with the Meraki portal to create an easy to use secure onboarding system. Each user can choose their own Private Shared key and control their own devices with our simple to use management portal.
When setting up an enterprise wireless network, it is common to configure WPA2-PSK authentication in order to onboard different users on to the wireless network. However, IT administrators may still encounter some drawbacks with this method of authentication when they need to use different PSKs in order to assign different VLANs or firewall rules to different groups of users.
While using 802.1X authentication IT administrators can provide this level of role assignment but that is not possible in each and every scenario as there might be IoT devices or other headless devices that do not support RADIUS authentication. So far this led to two common setups which each have some drawbacks:
- For each device type a new SSID with a dedicated PSK is being used. This creates a lot of RF overhead and lowers possible throughputs.
- Create a single SSID with one PSK shared for all devices, not capable of Radius. This creates a big security and management issue. If this single PSK gets leaked, you need to reconfigure every device with a new PSK.
This is the use case that can be solved using Identity Pre-Shared Key (IPSK) without RADIUS, which allows you to configure multiple PSKs for a single SSID.
IPSK without RADIUS allows a network administrator to use multiple PSKs per SSID without the use of a RADIUS server.
Further, the feature allows you to assign group policies in the dashboard based on the PSK used by the client device to authenticate to the WiFi network.
Within education, a University campus for example, with multiple classrooms and dorms can utilise IPSK to assign devices into unique groups and separate VLANs. This enables students to connect with lecturers, join meetings etc across the campus networks.
VLAN tagging allows for the labelling of the devices with a specific VLAN ID, thereby giving network administrators the ability to manage and regulate switches to allow or disallow traffic from one VLAN to another, with the ability to change the keys on entire groups of devices at the same time.
This results in a far superior content distribution and remote management from several VLANs across multiple campuses.
Through IPSK, wireless devices can be authenticated more securely than the traditional pre-shared keys. Instead, the unique PSK is correlated with the devices MAC address. Identity PSK allows for separate group policies to be assigned within a single SSID based on the PSK used.