ppsk-user
Format
ppsk-user psk { pass-phrase | hex } key-value [ user-name user-name | user-group user-group | vlan vlan-id | expire-date expire-date [ expire-hour expire-hour ] | max-device max-device-number | branch-group branch-group | mac-address mac-address ]* ssid ssid
ppsk-user user-name user-name { ssid ssid | { user-group user-group | vlan vlan-id | expire-date expire-date [ expire-hour expire-hour ] | max-device max-device-number | branch-group branch-group | mac-address mac-address }* }
undo ppsk-user user-name user-name [ user-group | vlan | expire-date [ expire-hour ] | max-device | branch-group | mac-address ]*
undo ppsk-user { expired | all }
Parameters
Parameter | Description | Value |
---|---|---|
pass-phrase | Specifies a key phrase. | - |
hex | Specifies a hexadecimal number. | - |
key-value | Specifies a password in cipher text. | The value is 8 to 63 ASCII characters in plain text, 64 hexadecimal characters in plain text, or 48, 68, 88, or 108 characters in cipher text. The question mark (?) is supported, which you can enter by pressing Ctrl+T. The value cannot contain the space and double quotation mark (") at the same time. When the password contains a space, enclose the string in double quotation marks (") when entering the password. For example, if the password is abc123 ABC, enter "abc123 ABC". NOTE: To improve security, you are advised to configure a password that contains at least two of the following: digits, lowercase letters, uppercase letters, and special characters. |
user-name user-name | Specifies the PPSK user name. If user-name is not specified, the user name ppsk_auto_user_xxx is automatically generated, in which xxx indicates a serial number. If the parameter user-name is specified, ensure that the user name is unique. | The value is a string of 1 to 64 case-insensitive characters. It cannot contain spaces, asterisks, double quotation marks, or question marks. |
user-group user-group | Specifies the user group to which the PPSK user is bound. The PPSK user is authorized based on the user group. | The value is a string of 1-64 case-sensitive characters without spaces and the following symbols: / \ : * ? " < > \| @ ' %. The value cannot be - or --. |
vlan vlan-id | Specifies the authorization VLAN to which the PPSK user is bound. The PPSK user is authorized based on the VLAN. | The value is an integer that ranges from 1 to 4094. |
expire-date expire-date [ expire-hour expire-hour ] | Specifies the expiration time of the PPSK user, after which the PPSK user is not allowed to access the network. If this parameter is not specified, the expiration time is 2099-12-31. The value can be: | The value of expire-date is in YYYY/MM/DD format and ranges from 2000/1/1 to 2099/12/31. The value of expire-hour is an integer that ranges from 0 to 23. |
max-device max-device-number | Specifies the maximum number of access users allowed in an authentication profile. After this parameter is specified, only the specified number of users are allowed to access the network. | The value is an integer that ranges from 1 to 4294967295. |
branch-group branch-group | Specifies the branch AP group to which the PPSK user belongs. After this parameter is specified, PPSK users at the branch can still access the Internet if the branch network is disconnected from the HQ network. | The value is a string of 1 to 35 characters. |
mac-address mac-address | Specifies the MAC address bound to the PPSK user. After this parameter is specified, only the user with the bound MAC address is allowed to access the network. | The value is in H-H-H format and an H is a hexadecimal number of 4 digits. |
ssid ssid | Specifies the SSID with which the PPSK user is associated. | The value is a string of 1 to 32 case-sensitive characters. It supports Chinese characters or Chinese + English characters, without tab characters. To start an SSID with a space, you need to enclose the SSID in double quotation marks (" "), for example, " hello". The double quotation marks occupy two characters. To start an SSID with a double quotation mark, you need to add a backslash (\) before the double quotation mark, for example, \"hello. The backslash occupies one character. |
expired | Deletes all expired PPSK users. | - |
all | Deletes all PPSK users. | - |
Usage Guidelines
Application Scenario
WPA/WPA2-PSK authentication is easy to deploy. However, all STAs associated with the same SSID share the same PSK, which may cause unauthorized STAs to share the PSK, leading to security risks. WPA/WPA2-PPSK authentication inherits advantages of WPA/WPA2-PSK authentication, and can provide different PSKs for STAs, improving network security.
Run the ppsk-user psk { pass-phrase | hex } key-value [ user-name user-name | user-group user-group | vlan vlan-id | expire-date expire-date [ expire-hour expire-hour ] | max-device max-device-number | branch-group branch-group | mac-address mac-address ]* ssid ssid command to create a PPSK user, and specify the PPSK user's name, user group and authorization VLAN to which it is bound, expiration time, maximum number of access users, branch AP group to which it belongs, bound MAC address, and associated SSID.
After a PPSK user is created for the first time, you can update parameters of the PPSK user by running the ppsk-user user-name user-name { ssid ssid | { user-group user-group | vlan vlan-id | expire-date expire-date [ expire-hour expire-hour ] | max-device max-device-number | branch-group branch-group | mac-address mac-address }* } command.
Pre-configuration Tasks
The authentication mode has been set to PPSK authentication using the security psk command in the security profile view.
Precautions
- AC6003: 1024
- AC6005, AC6508, and AC6507S: 2048
- AC6605, ACU2, AC6805, and AC6800V: 10240
Example
# Create a PPSK user whose PPSK is abcdfffffg123. Set the user name to user1, the user group to which the PPSK user belongs to user-group1, the expiration time to 10:00 2019-12-01, the maximum number of access users to 10, the branch group to default, and the associated SSID to huawei.
<AC6605> system-view
[AC6605] wlan
[AC6605-wlan] ppsk-user psk pass-phrase abcdfffffg123 user-name user1 user-group user-group1 expire-date 2019/12/1 expire-hour 10 max-device 10 branch-group default ssid huawei
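An added example, not Huawei's code: a Python helper that draws a distinct random key for each PPSK user, checks the fields against the ranges in the parameter table above, and renders the ppsk-user psk command for entry in the WLAN view. The function names, the key alphabet, and the treatment of the password advice as a hard rule are assumptions of this example.

```python
import re
import secrets
import string
from datetime import date

CLASSES = (string.digits, string.ascii_lowercase, string.ascii_uppercase, string.punctuation)
# Constructed alphabet: no space, '"' or '?', so keys need no quoting or Ctrl+T.
ALPHABET = string.ascii_letters + string.digits + "!#$%&+-=@^_"


def check_passphrase(key):
    """List violations of the page's pass-phrase rules (ASCII assumed to be 0x20-0x7e)."""
    problems = []
    if not 8 <= len(key) <= 63 or not all(32 <= ord(c) <= 126 for c in key):
        problems.append("key: 8 to 63 ASCII characters")
    if " " in key and '"' in key:
        problems.append("key: space and double quotation mark together")
    if sum(any(c in cls for c in key) for cls in CLASSES) < 2:
        problems.append("key: fewer than two character classes")
    return problems


def new_passphrase(length=20):
    """Draw a per-user key from the OS CSPRNG until it passes the checks."""
    while True:
        key = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_passphrase(key):
            return key


def ppsk_command(user, ssid, key, vlan=None, expire=None, mac=None):
    """Validate fields against the parameter table, then render the create command."""
    problems = check_passphrase(key)
    if not re.fullmatch(r'[^\s*"?]{1,64}', user):
        problems.append("user-name: 1 to 64 characters without space * \" ?")
    if vlan is not None and not 1 <= vlan <= 4094:
        problems.append("vlan: 1 to 4094")
    if expire is not None and not date(2000, 1, 1) <= expire <= date(2099, 12, 31):
        problems.append("expire-date: 2000/1/1 to 2099/12/31")
    if mac is not None and not re.fullmatch(r"[0-9A-Fa-f]{4}(-[0-9A-Fa-f]{4}){2}", mac):
        problems.append("mac-address: H-H-H with four hex digits per H")
    if problems:
        raise ValueError("; ".join(problems))
    shown = expire and f"{expire.year}/{expire.month}/{expire.day}"
    parts = ["ppsk-user psk pass-phrase", f'"{key}"' if " " in key else key, "user-name", user]
    for name, value in (("vlan", vlan), ("expire-date", shown), ("mac-address", mac)):
        if value is not None:
            parts += [name, str(value)]
    return " ".join(parts + ["ssid", ssid])
```

Calling `ppsk_command("user1", "huawei", new_passphrase(), vlan=10)` once per user yields one command per STA owner, each with its own key, which is the property that distinguishes PPSK from a shared PSK.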