To create a new SSID we will want to go to the Configuration tab in the hive manager. Once we are on the configuration tab, weâ€™ll want to select the Network Policy weâ€™re working with or create a new one. If you create a new one the screen will look like this:
Next to SSIDs we want to hit choose and then New. There are four types of SSIDs: PSK, PPSK, Radius, and Open. This guide goes over how to create a PPSK SSID. Â In the SSID settings weâ€™ll want to select the SSID Access Security option â€œPrivate PSKâ€�, then â€œSaveâ€�.
PPSK SSIDs requires the creation of local users and local user groups. This method allows everyone to have their own password. You will need to create a group (ex. Students vs Teachers) and create local users with their own username and password combos. When you choose this kind of security for the SSID, your network policy will look like this:
Now you can see under Authentication it is asking us for a user group with local users in it. To make this we would click on the PSK User Groups link, create a new one, which will take us to this page:
In here we want to make a name for the user Group (for our example, let say Student). Next, we want to choose whether the users are automatically generated or manually created. If you chose automatically generated, you would give a User name Prefix (i.e. Student) and the hive manager will create a batch of users for you using this prefix (i.e. Student001, Student002, Student003,Student004, etc.). If you choose to manually generate the users, you will need to individually create users and enter in their unique usernames and passwords (weâ€™ll go over how to make these users later in this guide). We need to assign an attribute number (corresponding with the User profile attribute we are going to use later, so remember what you set here), assign a VLAN, choose the reauthorization time (if any) and create the PPSK secret (users will not need toÂ know this to authenticate). When you expand the Private PSK Advanced Options, you can tweak the password settings. You can change the time zone, and even change what characters are going to be required in the passwords if they are being generated by the hive manager.
Now we want to make local users. To do this we will want to go to Configuration> Expand the left hand side menu> Advanced Configuration> Authentication> Local User Groups. This page will show you your existing users and we can make new users by clicking on the â€œNewâ€� button at the top of the page.
In here we will want to choose either the automatically generated private PSK user option or the manually created private PSK user option, depending on what you set the local user group to use in the previous steps. Once youâ€™ve selected the option that matches your local user group, you should see the group you created in the drop down menu next to User Group. Select the grounp you want to use. The above picture shows an example of an automatically generated private PSK user option. The next picture shows an example of a manually created private PSK user.
If you have a list of usernames and passwords that youâ€™ve made in a separate list outside of the hive manager and would like to use these instead of the automatically generated users through the hive, we want to choose manually created private PSK users. If you want to use an existing list then we will need to import the list youâ€™ve made into the hive manager. To do this we would need to go to Configuration> Expand the left hand side menu> Advanced Configuration> Authentication> Local User Groups> Import.
You do need to configure the list you are trying to upload in a very specific way, so that the hive manager can read it and integrate those users and passwords into its own system. When you click on import you will get this warning message, telling you exactly how to configure the list.
Once youâ€™ve configured a local user group your network profile will show this:
Once youâ€™ve applied the user group to your SSID, and weâ€™ve made users for that user group, we need to make a user profile. In the user profile it is vitally important that the User Profile Attribute you set when making the local user group, and the Attribute number in the user profile match. The same thing goes for the VLAN set in the local user group and the user profile. Once you have this made, you will want to push this configuration out to your APs and then you will have a functioning PPSK SSID.Â