Mist MPSK – Part 1

Most wireless vendors have a solution around using unique PSKs for client devices. Recently I had a chance to do a little deep dive into the solution provided by Mist. I am going to look at the following features:

  • Creating an SSID ready for MPSKs
  • Ability to create MPSK
    • Ability to assign VLANs (this is a really cool feature)
  • Ability to import/migrate from other vendors

Creating an SSID:

Creating an SSID is really straight forward with minor changes under the Security section. Choose –> WPA-2/PSK with multiple passphrases; choose configure as a personal WLAN if you want to secure it even further.

Mist – WPA2/PSK with multiple passphrases

Next under the VLAN section; choose –> List and type the VLANs you will be assigning. That is it. You are done creating an SSID for MPSK.

Mist – VLAN List

Creating an MPSK:

Under Organization and Pre-Sharedkey is where MPSKs can be created:

Mist – Pre-Shared Keys

There are multiple ways this can be accomplished:

Mist – Pre-Shared Keys
  • Add Key – Will allow you to add a single key
  • Import – Will allow you to import a csv file
  • APIs – Utilize APIs to create keys.

Add Key:

I am able to add keys one by one as shown below. Each can be assigned to multiple users and/or a single user. Works great for IoT devices. One of the coolest feature in here I like is the ability to assign the VLAN based on the passphrase and key for the same SSID. NOTE: RADIUS can be utilized for these keys but in my case I am utilizing local keys with no RADIUS server.

Mist – Add Pre-Shared Key

Import Keys:

Importing keys is great when there is a need to add multiple keys. I would not want to add 100’s of keys one by one. Instead I can simply utilize a CSV file to import the keys. This is also useful when you are looking to migrate from another vendor and their legacy solution. Note that it actually allows a sample file download:

Mist – Pre-Shared Keys Sample File

I simply created two keys using the CSV file. All I had to do was to drag and drop them in the Mist UI. NOTE: If there is an error Mist UI will tell you what is wrong. In my case I did not name the keys long enough, minimum is five.

Final result after importing the file:

Mist – Pre-Shared Keys created using a csv

Now I have a single SSID with two MPSKs assigned to two different VLANs. Let’s test out the connectivity. Here is my VLAN mapping:

  • SSID: iot_stuff
  • VLAN20 – 192.168.20.0/24
  • VLAN30 – 192.168.30.0/24

In part two of this series I will continue with some deep dive and additional tips.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

4 thoughts on “Mist MPSK – Part 1”

  1. Does it need an additional subscription for the following feature to show up?

    i.e. under org > pre shared keys

    If yes what is the SKU and price?

    1. As far as I know you do not need any special subscription for this feature. You can configure it using APIs, but if you want to do it from the UI you have to contact support and have them enable that feature.

WordPress SEO