Configure a Local User Group

• For Password Type, select PPSK.
• Enter an optional user group description.
• Select Set the maximum number of clients per private PSK to set per-user PPSK limits for different users in the same wireless network (SSID). Because you can set per-user PPSK limits for different users in the same SSID, you no longer need to configure an SSID for each user group (for instance, with three devices per employee). Multiple per-user PPSK limits can be set in the same (SSID).
• Select Enable use for Private Client Group when you are creating a private client group (PCG) in this user group.
• Select one of the following PCG operating modes:
  

  Note

  After you select the PCG operating mode, you cannot change your selection because the different modes create non-transferrable passwords.
  • AP-Based: An AP-based PCG uses unique user and shared keys. This mode supports common shared devices within personal network spaces. It also requires room assignments for AP anchoring and traffic tunneling
  • Key-Based: A key-based PCG requires one password used by the entire group of devices. Key-based PCGs do not need room assignments, and no traffic tunneling is used on anchor APs.
  • Both: Supports both AP-based and key-based modes.
  

  Note

  Each network policy can have only one AP-based PCG wireless network (SSID), one key-based PCG SSID, and any number of non-PCG SSIDs.

Use this option with a Private Pre-Shared Key SSID Authentication network policy. See Configure Private Pre-Shared Key SSID Authentication for more information.

• Select any combination of characters to use for the password: Letters, Numbers, and Special Characters). To enforce password complexity, select All selected character types, Any selected character types, or Only one character type from the drop-down list.
• For PSK Generation Method select Password Only or User String Password. The User String Password option lets you include a string of characters in the generated Private PSKs.
• Enter the length of automatically-generated passwords for this user group. If the generation method is Password Only, then the PPSK password can be between eight and 63 characters. If the generation method is User + String + Password, then the maximum passphrase for the Private PSK can be between eight and 31 characters.
• If you selected User String Password above, enter a character string from 0 to eight alphanumeric characters. This string will be used to generate Private PSKs in the form User name + Character String + Password. For example, if you enter Extreme, the generated Private PSKs are <user name>Extreme<Password>.

• To force re-authentication after a session has been inactive for a period of time, select Require Authentication After and enter a time in the minutes field.
• For Account Expiration: Select Never Expire or Valid During Dates from the drop-down list. If you select Valid During Dates, complete the displayed fields, which define the time frame during which the account is valid.
• Action at Expiration: (Not available for accounts that are set to never expire.)
  • Select Access Rejected to block users from renewing their credentials.
  • Select Show Expiration Message to send users an on-screen prompt that they can use to renew their credentials.