This is a FR for Dynamic PSK support in OpenWrt like what is available on many Ruckus Unleased APs. This is the data sheet: https://www.ruckusnetworks.com/globalassets/digizuite/921377-dynamic-psk-pa-115991-en.pdf. The future operates on device and does not require a RADIUS server (AFAIK).
This feature operates in three ways:
-
A client device connects to the network and inputs key "PrivatePassword". The key is recognised and the client is connected to the Private VLAN 1. Another device connects to the same SSID as the first client and inputs key "GuestPassword". The key is recognised and the client is connected to the Guest VLAN 2.
-
A client device connects to the network and inputs a unique key issued to them. They are connected to the network if the key is in the valid list. The key is bound to the MAC address of the connecting device and cannot be used on any further devices.
-
A client device connects to the network and inputs a unique key issued to them. They are connected to the network if the key is in the valid list. A timer is started and the password expires after a defined period and cannot be reused.
At all times, clients are non the wiser that this happens on the AP and the network appears like any other WPA2 Personal network. This helps greatly with interoperability and makes connecting intuitive.
Use Cases:
-
An IoT VLAN without needing a separate (visible) SSID.
-
Providing secure and segregated guest access without advertising a guest SSID.
-
Using expiring passwords to grant temporary access to the network.