Some comments on your image:

- Don't set the VLAN. That limits your flexibility if you want to do client classification on the user profile
- You will need to set a username prefix and secret.
- Set a PPSK start time, for when the first rotation will start
- Assuming you want to reset all the keys every 180 days, set the rotation interval to 180 days.
- Set the number of PSK rotations higher. Right now you have only set up a single rotation, so the keys will not change. Set the number to 10 (this will last you five years) - or higher.
- Set the number of keys per rotation to exceed the number you know you need right now - just so you know there are more if you need them. 10 doesn't seem like many.
- For a key that is only 8 characters long, you should definitely consider adding letters to the supported character types. You don't have much entropy with only 8 numbers in a 6 month key. Easier to crack with a rainbow table the way you have it.

Hi Andrew,

Thanks for your comments. I have one question about the option "Private-PSK start time": does it matter for the date? Here is an example, please correct me if I am wrong:

- PPSK start time: 14/05/2015 (PPSK starts from this day)
- PPSK life time: 1 days (live only 3 days)
- PPSK rotation interval: (I don't get this option)
- PPSK rotation: 3 (will be renewed 3 times)
- PPSK users to create per rotation: 10 (It will create 10 PPSK)

So the day after 15/05/2015, will the PPSK be recreated again with a different password?