OpenWiFi
2.4.0
2.4.0
  • OpenWiFi Release 2.4 GA
  • Ordering OpenWiFi APs
  • Device Partner Information
  • Cloud Partner Information
  • Getting Started
    • Cloud Discovery
      • Discovery without Cloud
    • Release 2.0 SDK
    • Access Points
      • Local Device Settings
    • Repositories
  • Provisioning
    • Data Model Introduction
    • Creating a Configuration
  • User Interface
    • Devices
      • Commands
      • Statistics
      • Command History
    • Firmware
  • API
    • OpenAPI Definitions
    • Security Service
    • Gateway Service
    • Firmware Management Service
  • Monitoring
    • ELK Integration
  • SDK Installation
    • Overview
    • Deploy using Docker Compose
    • Deploy using Helm
  • Configuration Examples
    • Basic Device Provisioning
      • Bridge Mode SSID
      • NAT Gateway Mode SSID
      • Multi-VLAN SSID
    • Device Feature Configuration Examples
      • Zero Touch Provisioning
      • DHCP Relay
      • Services
      • Metrics
      • GRE
      • L2TP
      • VxLAN
      • WDS
      • Mesh
      • QoS
      • Dynamic Air Time Fairness
      • Dynamic Subscriber QoS
      • Captive Portal
        • External Captive Portal
      • ExpressWiFi
      • Roaming RRM and SON
      • RADIUS Authenticated SSID
        • Dynamic VLANs with RADIUS
      • Multi-PSK (MDU Shared Key)
      • Dynamic Air-Time Policy
      • Passpoint®
        • Configuration Introduction
        • Advertising Services
        • Passpoint® Configuration
      • Switching
        • Port Speed
  • Release Notes
    • Features
    • Security
    • Resolved Issues
  • Test Automation Framework
    • Overview
Powered by GitBook
On this page
  1. Configuration Examples
  2. Device Feature Configuration Examples

Multi-PSK (MDU Shared Key)

TIP OpenWiFi 2.0

Multiple Pre Shared Key is a popular configuration option in Multi Dwelling Unit, dormitory or similar environment where it is costly to implement complex 802.1x security however that same level of per-client security is highly desired.

A SSID when configured for multi-psk can have multiple PSK/VID mappings. Each one of them can be bound to a specific MAC or be a wildcard.

            "ssids": [
                {
                    "name": "MDU Wi-Fi",
                    "wifi-bands": [
                        "5G",
                        "2G"
                    ],
                    "bss-mode": "ap",
                    "encryption": {
                        "proto": "psk2",
                        "ieee80211w": "optional",
                        "key": "OpenWifi"
                    },
                    "multi-psk": [
                        {
                            "key": "akey",
                            "vlan-id": 100
                        },
                        {
                            "key": "bkey"
                            "vlan-id": 200
                        }
                    ],
                    "roaming": {
                        "message-exchange": "ds",
                        "generate-psk": true
                    }
                }
            ]

Note: M-PSK passwords must be unique per vlan-id as the device will attempt to match security key to assigned virtual lan. In the above example, a password of OpenWifi will match the untagged interface of the SSID and unique password of "akey" will match client(s) to virtual lan 100.

PreviousDynamic VLANs with RADIUSNextDynamic Air-Time Policy

Last updated 3 years ago