transition/migrate to PPSK

  • 1
  • Question
  • Updated 3 years ago
  • Answered

I got new job in office with 5 AP330s, HMOL, no ID manager, and I am new to Aerohive. We have about 100 devices on the network, and many people know the WPA2 password, including ex-employees. I need advice on best way to transition the primary SSID from a WPA2-PSK to PPSK over the course of a week with the existing password continuing to to work. In addition, I would like to enable the PPSK to MAC address binding, but I don’t think I can do that during the transition since that is set by SSID, not at the PSK user group level. I hope I can turn PPSK-MAC binding on later?

My plan is to have all manually created private PSK users and, during the migration, one “legacy” user with the same password as our current PSK. The SSID will be set to allow at least 100 simultaneous clients per PPSK (which I later want to change to 1 after everyone is migrated). 

This process would be simpler if there were not the desire to keep the same SSID, I know. But if anyone has any suggestions how to do this better or a reason why this won’t work, I appreciate the input.

T

Photo of Tony Schaps

Tony Schaps

  • 28 Posts
  • 8 Reply Likes

Posted 3 years ago

  • 1
Photo of shutterbugguy

shutterbugguy

  • 5 Posts
  • 0 Reply Likes
Our (K-12 private) school is transitioning next week from a different (controller-based) wireless to Aerohive, and we will be implementing PPSKs. The old system has nine broadcast SSIDs, which is not good. The Aerohive will have TWO SSIDs when we're finished: ICS STAFF for 802.1x staff AD/Radius server authentication, and ICS COMMUNITY for everyone else. The ICS COMMUNITY has 13 different user groups in the Hive Manager, so we can manage the users by group settings, which will each route to different VLANs. We are restricting to two concurrent personal devices per PPSK per user, using a mail merge to email these random-generated PPSKs to the users' official email addresses. When the school members return after Spring Break, the new system will be live, and we will have one old SSID with WPA2 shared password available for two weeks. This way, the end users can access their email using the old SSID/WPA2, to retrieve information to change the SSID and they can copy/paste their PPSK. Our school is eight floors, two wings, with a total of 110 AP230s. We are excited to get the Hive going!
Photo of Tony Schaps

Tony Schaps

  • 28 Posts
  • 8 Reply Likes
Sounds great-- I agree, nine SSIDs would be a nightmare. It sounds like you can transition without needing to introduce PPSK to the same SSID without disruption, which is what I am needing to do. I used to work in educational tech, so I know the benefit of using breaks to implement and test new stuff; now I just get weekends. I've used HP Networking and Aruba at previous schools, and so far I really like the Aerohive system in comparison. Lots to learn quickly, though...
Thanks
(Edited)