9.6 PSK Limit feature

  • 2
  • Idea
  • Updated 4 years ago
  • Implemented
From the Release Notes:
"Per user Dynamic PSK limits
ZoneDirector 9.6 now provides the ability to limit the number of Dynamic
Pre-Shared Keys generated per user.
This feature, configurable per WLAN, allows up to 4 individual mobile
devices to be securely connected per user login."

This is a great feature but a poor implementation. Let us set the limit, do not hard set it at 4 devices. I have several users with more than 4 devices and this will mean I cannot upgrade to this version.

Note: This topic was created from a reply on the ZoneFlex Release 9.6 now available ( topic.
Photo of Rob Coote

Rob Coote

  • 37 Posts
  • 6 Reply Likes

Posted 4 years ago

  • 2
Photo of Sid Sok

Sid Sok, Official Rep

  • 102 Posts
  • 48 Reply Likes
HI Rob,

We will pass your feedback on to our Product management team and put in a FR to have the limit changed or eliminated.

What's the use case where each device can not have it;s own DPSK, ideally each device should have it's own key, is this a key delivery mechanism issue or policy issue?

Photo of Rob Coote

Rob Coote

  • 37 Posts
  • 6 Reply Likes

Thanks for passing along the feedback.

I agree each device should have it's own DPSK. That being said there are cases where a single user might have more than 4. It might be a better option to allow the administrator to set the limit per user based on Role, perhaps?

I understand the need to have restrictions on this, working in a K-12 environment we have students that like to share logins. This prevents some of that abuse. On the other hand the guys in our IT department (such as myself) have more than 4 devices we might need to enroll on the wifi....

Photo of Rob Coote

Rob Coote

  • 37 Posts
  • 6 Reply Likes
Alright now that I've actually found the option - it does appear to be configurable, and is disabled by default. That being said 4 is the hard limit. If anything changes, I'd suggest perhaps this upper limit can be increased.
Photo of David Stiff

David Stiff, Employee

  • 7 Posts
  • 0 Reply Likes

Thanks for the feedback. You are correct that the intention of this feature was to prevent abuse where one user login can generate an unlimited number of DPSL entries and connect a bunch of devices. Would a top limit of 25 be acceptable?
Photo of Rob Coote

Rob Coote

  • 37 Posts
  • 6 Reply Likes
With the fact that it is enabled/disabled on a per-WLAN basis it's not really an issue for testing/lab scenarios. One could set up a mock production WLAN and simply disable this option if more than 4 devices are needed.

That being said, in the event your CEO is a technophile and has every device under the sun and absolutely *must* have them on your actual corporate WLAN, 4 might be low, but 25 might be too high.

I'd have to say 10 would be a reasonable hard limit.
Photo of Martin Kane

Martin Kane

  • 72 Posts
  • 7 Reply Likes
Surely just turning the feature off when the techie people want to add an extra device to the network would work. Turn the limit on again once they're done. From my understanding, the Limit Feature only limits the GENERATION of a DPSK, not the act of having one (or 15) too many.