Select Local as the password database location on the New User
Group screen.
When you configure a user group for an Enterprise 802.1X SSID, the password database
always resides in the cloud. For a user group for a Private Pre-Shared Key (PPSK)
SSID, the password database can reside in the cloud or local on all SSID APs. Use
this task to configure a local user group.
-
Fill in the following
fields:
- For Password
Type, select PPSK.
- Enter an optional user group description.
- Select Set the maximum
number of clients per private PSK to set per-user PPSK
limits for different users in the same wireless network (SSID). Because
you can set per-user PPSK limits for different users in the same SSID,
you no longer need to configure an SSID for each user group (for
instance, with three devices per employee). Multiple per-user PPSK
limits can be set in the same (SSID).
- Select Enable use for
Private Client Group when you are creating a private
client group (PCG) in this user group.
- Select one of the
following PCG operating modes:
Note
After you select the
PCG operating mode, you cannot change your selection because the
different modes create non-transferrable passwords.
- AP-Based: An AP-based PCG uses unique user and
shared keys. This mode supports common shared devices within
personal network spaces. It also requires room assignments for
AP anchoring and traffic tunneling
- Key-Based: A key-based PCG requires one
password used by the entire group of devices. Key-based PCGs do
not need room assignments, and no traffic tunneling is used on
anchor APs.
- Both: Supports both AP-based and key-based
modes.
Note
Each network
policy can have only one AP-based PCG wireless network (SSID), one
key-based PCG SSID, and any number of non-PCG SSIDs.
-
Select Enable user for PPSK Classification only to
create a single SSID and distribute unique guest passwords for each location.
-
Configure password settings as follows:
- Select any combination of characters to use for the password:
Letters, Numbers, and
Special Characters). To enforce password
complexity, select All selected character types,
Any selected character types, or
Only one character type from the drop-down
list.
- For PSK Generation Method select
Password Only or User String
Password. The User String Password option lets you
include a string of characters in the generated Private PSKs.
- Enter the length of automatically-generated passwords for this user
group. If the generation method is Password Only,
then the PPSK password can be between eight and 63 characters. If the
generation method is User + String + Password,
then the maximum passphrase for the Private PSK can be between eight and
31 characters.
- If you selected User String Password above, enter
a character string from 0 to eight alphanumeric characters. This string
will be used to generate Private PSKs in the form
User name +
Character String + Password
. For example, if you enter
Extreme, the generated Private PSKs are
<user name>Extreme<Password>
.
-
Configure Expiration
Settings as follows:
- To force
re-authentication after a session has been inactive for a period of
time, select Require Authentication After and enter a time in the
minutes field.
- For Account
Expiration: Select Never
Expire or Valid During
Dates from the drop-down list. If you select Valid During
Dates, complete the displayed fields, which define the
time frame during which the account is valid.
- Action at
Expiration: (Not available for accounts that are set to
never expire.)
- Select Access
Rejected to block users from renewing their
credentials.
- Select Show
Expiration Message to send users an on-screen
prompt that they can use to renew their credentials.
-
Select Text Messages (SMS), or
Email, or both to define the user group's
notification method.
-
Select Add User to add a single user to this user group
or Bulk Create to add multiple users at the same
time.
-
Select SAVE.