Configure Self Registration and PPSK

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Hi everyone,

I'm trying to implement the self-registration and ppsk in my office for guest. However is not working. The Vlan for guest and Device Management are in different Vlan.

Anyone can help to guide me to configure the Network policy for this?
Photo of mohd hafiz Mo

mohd hafiz Mo

  • 2 Posts
  • 1 Reply Like

Posted 5 years ago

  • 1
Photo of Bill Lundgren

Bill Lundgren, Employee

  • 21 Posts
  • 12 Reply Likes
Have you configured the SSID, open SSID, Local user group, and a bulk pool of PPSK's yet? Or have you done all of that, and you're just having issue with the VLAN working correctly?

If it's just the latter, under your SSID, please edit it, and under the "advanced" section, make sure the authentication order is set MAC Authentication - Captive Portal - SSID, and not the default where Captive Portal is the last option. Then it will map the User Profile accordingly.

Also make sure you your Private PSK Local user Group that is used in the PPSK Self Reg, has the user profile attribute defined such that it maps to one being used by the network policy.
Photo of Shane Walters

Shane Walters

  • 23 Posts
  • 2 Reply Likes
Also make sure you override the section of the self-registration web portal under the "Optional Advanced Configuration" if you do not have a DHCP scope on VLAN 1. Use the "Override the VLAN ID used during registration" section and make it a VLAN to which you do have DHCP available. Screenshot below:

Photo of mohd hafiz Mo

mohd hafiz Mo

  • 2 Posts
  • 1 Reply Like
Thanks guys for the replied,

I believe i had done all the mentioned configuration except the authentication order, and because i have no DHCP scope on my VLAN 1 or my management Vlan, i use the "Override the VLAN ID used during registration" to the Vlan which i do have the DHCP available.

Please correct if i'm wrong, to make it success, i need to configure intervlan routing on my backend to make the client and ppsk server communicate during the self registration, because from my observation, the self registration portal will load from the elected ppsk server AP.

If i really need to configure the intervlan routing, my concern now is, while client is getting IP and doing registration, they might able to access to my corp staff network or my management and its not secure anymore.