Skip to main content

38 Messages

 • 

654 Points

Fri, Jun 7, 2013 4:04 PM

Implemented

0

9.6 PSK Limit feature

From the Release Notes:
"Per user Dynamic PSK limits
ZoneDirector 9.6 now provides the ability to limit the number of Dynamic
Pre-Shared Keys generated per user.
This feature, configurable per WLAN, allows up to 4 individual mobile
devices to be securely connected per user login."

This is a great feature but a poor implementation. Let us set the limit, do not hard set it at 4 devices. I have several users with more than 4 devices and this will mean I cannot upgrade to this version.

Note: This topic was created from a reply on the ZoneFlex Release 9.6 now available (9.6.0.0.267) topic.

Responses

99 Messages

 • 

2K Points

7 years ago

HI Rob,

We will pass your feedback on to our Product management team and put in a FR to have the limit changed or eliminated.

What's the use case where each device can not have it;s own DPSK, ideally each device should have it's own key, is this a key delivery mechanism issue or policy issue?

Sid

38 Messages

 • 

654 Points

7 years ago

Sid,

Thanks for passing along the feedback.

I agree each device should have it's own DPSK. That being said there are cases where a single user might have more than 4. It might be a better option to allow the administrator to set the limit per user based on Role, perhaps?

I understand the need to have restrictions on this, working in a K-12 environment we have students that like to share logins. This prevents some of that abuse. On the other hand the guys in our IT department (such as myself) have more than 4 devices we might need to enroll on the wifi....

Rob

38 Messages

 • 

654 Points

7 years ago

Alright now that I've actually found the option - it does appear to be configurable, and is disabled by default. That being said 4 is the hard limit. If anything changes, I'd suggest perhaps this upper limit can be increased.

7 Messages

 • 

170 Points

7 years ago

Rob,

Thanks for the feedback. You are correct that the intention of this feature was to prevent abuse where one user login can generate an unlimited number of DPSL entries and connect a bunch of devices. Would a top limit of 25 be acceptable?

38 Messages

 • 

654 Points

7 years ago

With the fact that it is enabled/disabled on a per-WLAN basis it's not really an issue for testing/lab scenarios. One could set up a mock production WLAN and simply disable this option if more than 4 devices are needed.

That being said, in the event your CEO is a technophile and has every device under the sun and absolutely *must* have them on your actual corporate WLAN, 4 might be low, but 25 might be too high.

I'd have to say 10 would be a reasonable hard limit.

77 Messages

 • 

1.2K Points

7 years ago

Surely just turning the feature off when the techie people want to add an extra device to the network would work. Turn the limit on again once they're done. From my understanding, the Limit Feature only limits the GENERATION of a DPSK, not the act of having one (or 15) too many.

Cheers