TeacherView and PPSKs

  • 2
  • Question
  • Updated 3 years ago
  • Answered
Is it possible to utilise permanent PPSKs rather than an external authentication server, such as Active Directory, for student authentication in TeacherView? If so, are there any major disadvantages compared to using Active Directory authentication?

I am doing some "free" work with a local school and very small education deployments are not my "bread and butter" deployments.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes

Posted 5 years ago

  • 2
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
hiya - absolutely, PPSK works great. So does Captive Web Portal. In fact, any auth solution, even MAC auth (but who still uses that for mobile devices? ;-) would work. As long as the Aerohive auth engine can associate a MAC address to a username, and that username is contained in the list of students assigned to a class at a particular time, TeacherView will allow control over those devices.
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Abby,

Thanks for the quick reply.

I found one of your really useful videos on YouTube (https://www.youtube.com/watch?v=DBJbZB...) but the resolution isn't great. Is there a way to access a higher resolution version of this video?
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
hiya, I was looking for a larger version of this video but it's so old anyway I'm not sure how useful it will be. Is there something specific I can help you with?
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Abby,

I did some testing of TeacherView to see how suitable it is for use at a primary school (what I believe you call an elementary school) and found the following issues:

1. If a student is already connected to a website before the teacher logs into TeacherView you seem to be in a "free for all situation" until the teacher blocks Internet access and applies a "direct students to this web page" rule. Is there a way to block Internet access until the teacher logs in?



2. When the teacher applies a "direct students to this web page" rule the student's iPad, for example, is not directed to the specified site. Is it possible to add functionality to force the student's wireless device to the web page specified. This would act like a guided tour.

3. Even after a "direct students to this web page" rule has been applied and the wireless client has been redirected to the specified web page the student's "Current WebSite/Resources" field does not change to reflect this. The field does not change even after a refresh of the "Class View":



If the teacher adds a new "direct students to this web page" rule and the student's mobile device is redirected to the new web page the student's "Current WebSite/Resources" field remains with its original value.
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
Hiya,
These are all great ideas! Let's take them one by one:
1) It's not really "free for all", but rather whatever the students are normally subject to on the school network based on their identity, device, location, and time of connection (and if you use client management, ownership of the device). Students can't suddenly access content that has been prohibited by the firewall or your URL filter, but access is "on" or "status quo" until the teacher signs in to apply additional controls.
2) of course this would be ideal, but it would also require some sort of agent on the end user device. We can't force an HTTP get; we can only intercept the http request once it is initiated by the client. If this is behavior you really want, you need an agent-based student control solution like LANschool. Keep in mind though that agent-based means you can only support clients that have the agent installed, whereas our solution is independent of operating system and device.
3) this might be a bug or a refresh issue. If this one doesn't resolve itself within a couple minutes, it may be worth talking to your favorite support rep! :-)
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
Dear Abby,

(1) Understood.

(2) It looked like an HTTP 302 redirect was in use but if you don't ask you don't get :-)

(3) I will test under different browsers as I commonly find issues with different browsers displaying objects differently. I tested it under Firefox 23.
Photo of James Wildman

James Wildman

  • 4 Posts
  • 0 Reply Likes
Hi Abby,

We were told that when using Teacher View with PPSKs there was no way to associate a student to a device without knowing the MAC address of the student’s device beforehand. Since we’re a completely BYOD school we won’t know the MAC addresses of student devices, and they may change from day to day.

Our understanding is that Teacher View based on student names requires RADIUS or CWP. Is this not correct?
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
hi James,

I am sorry for the misunderstanding. We may have an imperfection in a recent release if it is not working for you, but as long as we know the identity of the user (which can be determined by anything that touches our auth engine - PPSK, CWP, 802.1X, MAC auth), we can tie the identity to the list of students configured for TeacherView. This should absolutely work and if it doesn't please open a ticket with our support team so we can address it.
thanks,
abby
Photo of James Wildman

James Wildman

  • 4 Posts
  • 0 Reply Likes
Abby,

Thank you, we are going to test this. Our other option was going to be 802.1X with PEAP.

Regards,
James
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
I did my testing using iPad 2s authenticating using permanent PPSKs so it definitely works with PPSKs.

The documentation does imply that only RADIUS based authentication is supported so I understand your confusion.
Photo of Abby S

Abby S, Employee

  • 94 Posts
  • 47 Reply Likes
Crowdie -thanks for the confirmation and heads up. I asked our fabulous TechPubs team to make sure our docs are clear on this! :-)
Photo of Crowdie

Crowdie, Champ

  • 972 Posts
  • 272 Reply Likes
The documentation is technically true but confusing. If you enable RADIUS debugging on an AP and then connect using a PPSK you can see RADIUS being utilised to check the PPSK.

However, when people think of RADIUS they think of external authentication servers, such as Active Directory, rather then PPSKs.
Photo of Robert Nicholas

Robert Nicholas, Employee

  • 7 Posts
  • 6 Reply Likes
Hi, Crowdie--

Can you point me to the troublesome document? I'll see if I can wrestle the details into place for you.
Photo of Greg Hill

Greg Hill

  • 1 Post
  • 0 Reply Likes
Hi I had the RADIUS looks like it has to be enabled question as well. Here is the address to the document. look at #1 under setup...
http://www.aerohive.com/330000/docs/h...
Photo of Kevin Whelan

Kevin Whelan

  • 53 Posts
  • 2 Reply Likes
I can't seem to get any ppsk clients to show up as active class members,they are in client monitor and are identified properly their during the correct time period for the class.

should the studentid in the roster be the ppsk?
it wont let me use their name for studentroster as it has a space in it.
I seem to be so close but just unable to get the final stage
Photo of Amanda

Amanda

  • 396 Posts
  • 25 Reply Likes
New question on old (answered) thread deserves a new thread.

Please reference the new conversation here: Can't get any ppsk clients to show up as active class members