OpenWiFi
2.1.0
2.1.0
  • OpenWiFi Release 2.1
  • Ordering OpenWiFi APs
  • Getting Started
    • Cloud Discovery
      • Discovery without Cloud
    • Release 2.0 SDK
      • Deploy using Docker Compose
      • Deploy using Helm
    • Access Points
      • Local Device Settings
  • Provisioning
    • Data Model Introduction
    • Creating a Configuration
  • User Interface
    • Devices
      • Commands
      • Statistics
      • Command History
    • Firmware
  • API
    • OpenAPI Definitions
  • Monitoring
    • ELK Integration
  • Configuration Examples
    • Basic Device Provisioning
      • Bridge Mode SSID
      • NAT Gateway Mode SSID
      • Multi-VLAN SSID
    • ExpressWiFi
    • WDS
    • Mesh
    • Roaming RRM and SON
    • Captive Portal
      • External Captive Portal
    • Multi-PSK (MDU Shared Key)
    • Dynamic Air-Time Policy
    • VxLAN
    • L2TP
    • GRE
    • RADIUS Authenticated SSID
      • Dynamic VLANs with RADIUS
    • Passpoint®
      • Configuration Introduction
      • Advertising Services
      • Passpoint® Configuration
    • Switching
      • Port Speed
    • Metrics
    • P4
    • Services
Powered by GitBook
On this page
  1. Configuration Examples

Multi-PSK (MDU Shared Key)

OpenWiFi 2.1

Multiple Pre Shared Key is a popular configuration option in Multi Dwelling Unit, dormitory or similar environment where it is costly to implement complex 802.1x security however that same level of per-client security is highly desired.

A SSID when configured for multi-psk can have multiple PSK/VID mappings. Each one of them can be bound to a specific MAC or be a wildcard.

            "ssids": [
                {
                    "name": "MDU Wi-Fi",
                    "wifi-bands": [
                        "5G",
                        "2G"
                    ],
                    "bss-mode": "ap",
                    "encryption": {
                        "proto": "psk2",
                        "ieee80211w": "optional",
                        "key": "OpenWifi"
                    },
                    "multi-psk": [
                        {
                            "key": "akey",
                            "vlan-id": 100
                        },
                        {
                            "key": "bkey"
                            "vlan-id": 200
                        }
                    ],
                    "roaming": {
                        "message-exchange": "ds",
                        "generate-psk": true
                    }
                }
            ]

Note: M-PSK passwords must be unique per vlan-id as the device will attempt to match security key to assigned virtual lan. In the above example, a password of OpenWifi will match the untagged interface of the SSID and unique password of "akey" will match client(s) to virtual lan 100.

PreviousExternal Captive PortalNextDynamic Air-Time Policy

Last updated 3 years ago