Community discussions

 
lbgaus
just joined
Topic Author
Posts: 5
Joined: Wed Jul 27, 2016 3:26 pm

DPSK Dynamic WPA2 PSK support

Thu Nov 29, 2018 12:14 am

I've seen some instances of Wireless LANs popping up that use dynamic/unique PSKs that are preregistered with the WLAN operator... Each device connects with a unique PSK instead of the traditional shared PSK. This is to support increased WiFi privacy on a WPA2-Personal protected network without having to use WPA2-Enterprise/802.1x (useful for shared networks where it is impractical to install a certificate on the client).

Is it possible to add such support to Mikrotik wireless APs?
 
blingblouw
Member Candidate
Member Candidate
Posts: 248
Joined: Wed Aug 25, 2010 9:43 am

Re: DPSK Dynamic WPA2 PSK support

Thu Nov 29, 2018 6:42 am

Oh yeah! This would be awesome. We used this on a couple of ruckus sites and it's pretty cool
 
gotsprings
Long time Member
Long time Member
Posts: 588
Joined: Mon May 14, 2012 9:30 pm

Re: DPSK Dynamic WPA2 PSK support  [SOLVED]

Thu Nov 29, 2018 10:09 am

Its been in there for years.
Go into your access control list under wireless. You can generate/set per Mac address passwords.

I took my dpsk file from my Zone Director and copy and pasted the passwords in to my access list. Result... The dpsk keys work on my Mikrotik wireless. Unplugged the ZD months ago. The performance of the Mikrotik wireless is no where near as good as the Ruckus APs. But if you don't mind the more than 50% drop off in throughput (866 down to 300)... The Mikrotik WAPs only cost $70 in the US

example from a stand alone Access Point.
/interface wireless access-list
add comment=Jayden mac-address=5C:1D:D9:C3:C6:15 private-pre-shared-key=supersecretpasswordexample vlan-mode=no-tag
example from caps-man
/caps-man access-list
add action=accept allow-signal-out-of-range=10s comment=Jayden disabled=no mac-address=5C:1D:D9:C3:C6:15 private-passphrase=\
    supersecretpasswordexample
So its kind of nice because you can actually make up passwords and they can be any length you want.
Also you can make that one password work for one SSID, All SSIDs, A group of access points, etc.
Further... you can go back and add a VLAN tag to bounce a device into another subnet AFTER ITS BEEN ON THE SYSTEM. (in Ruckus its set once you generate the file)
"It ain't what you don't know that gets you into trouble. It's what you know for sure that just ain't so."
Mark Twain
 
Muqatil
Trainer
Trainer
Posts: 573
Joined: Mon Mar 03, 2008 1:03 pm
Location: London - UK
Contact:

Re: DPSK Dynamic WPA2 PSK support

Thu Nov 29, 2018 11:57 am

Furthermore, you can associate a RADIUS to manage the mac-address/password association.
There are few presentations that covered this topic.
MikroTik was there for ages, too bad they didn't use it as a good advertisement.
Renato Bernardi

skype: medtech5
 
lbgaus
just joined
Topic Author
Posts: 5
Joined: Wed Jul 27, 2016 3:26 pm

Re: DPSK Dynamic WPA2 PSK support

Thu Nov 29, 2018 6:37 pm

Wow, this is really awesome news. I had no idea it was in there, although that's probably because I typically don't need to implement ACLs.

Great stuff... Thanks!
 
RackKing
Member Candidate
Member Candidate
Posts: 212
Joined: Wed Oct 09, 2013 1:59 pm

Re: DPSK Dynamic WPA2 PSK support

Wed Dec 05, 2018 8:16 pm

Furthermore, you can associate a RADIUS to manage the mac-address/password association.
There are few presentations that covered this topic.
MikroTik was there for ages, too bad they didn't use it as a good advertisement.
Do you have a link to the presentations? I assume you mean youtube, but I cannot seem to find them in English.

Who is online

Users browsing this forum: paulct, ryny24 and 6 guests