G

3 Messages

 • 

90 Points

Mon, Oct 11, 2021 3:18 PM

ZD 1200 D-PSK based VLAN

Hello all,

I'm planning to connect WiFi devices (including IoT) on a same SSID but I need them to be included in a given VLAN depending on used PSK. The goal is to have x defined VLAN on x defined PSK.

For exemple, each device connected on SSID using PSK number 12 will be connected in VLAN 12.

I can have several SSIDs but less I have, better I am :) Tha fact is I know IoT devices MAC address in advance but I don't know laptops/smartphones/tablets.

Is it possible with D-PSK feature on ZD1200? or other like VSZ?

Thank you.

Guillaume

3 Messages

 • 

90 Points

7 d ago

Or maybe an other way to have IoT devices in assigned VLAN?

Employee

 • 

333 Messages

 • 

6.4K Points

7 d ago

Hi Guillaume,

Yes it's possible to allocate a VLAN based on the PSK in a DPSK-enabled WLAN on ZoneDirector (depending on the firmware version). 

More details here:

https://docs.commscope.com/bundle/zd-10.3-userguide/page/GUID-DA81811C-0374-4E4D-B9FC-95A22A98A9D3.html

I hope this helps,
Darrel.

3 Messages

 • 

90 Points

7 d ago

Hi Darrel,

thank you for your answer. So ok I can assign different VLAN to each IoT device depending on used PSK.

In the same way, is D-PSK can be used for hotel guests (laptops smartphones tablets) and connected into room VLAN? Is there a way to externalise PSKs database on mysql or radius ? or automatise room PSK renew through API or something?

Employee

 • 

333 Messages

 • 

6.4K Points

7 d ago

Hi Guillaume,

Yes, you configure a DPSK per device and bind it to each of the IOT devices' MAC address. Each DPSK can be configured with a specific VLAN.  See here for bulk creation: https://docs.commscope.com/bundle/zd-10.3-userguide/page/GUID-AEBF342E-387C-41BA-B704-3EEA08A20559.html

In a hospitality scenario; it is best to create a unique unbound DPSK (where MAC addresses are not tied to the DPSK) per door/room and allocate a unique VLAN to provide encrypted secure access for visitors. This is known as group DPSK.  Unfortunately this feature is only supported by Ruckus SmartZone and Ruckus Cloud, not ZoneDirector.

It is possible to create a group DPSK in ZoneDirector but MAC addresses will be bound to the DPSK, so it isn't suitable for use in a guest-access scenario.

The only way to externalise DPSK is with the Ruckus Cloudpath application.  Cloudpath provides virtually unlimited scalability for EDPSK (External DPSK). Cloudpath also supports

I hope this information helps.  If you need any further information I recommend you speak to your Ruckus partner. https://extapps.commscope.com/howtobuy/RuckusChannelPartner

Best regards,
Darrel.

Important Announcement