Creating a Network That Uses a Dynamic Pre-Shared Key

You can create a network authenticated by a unique passphrase created by using dynamic pre-shared key (DPSK).

Complete the following steps to create a DPSK-protected network.
Note: Currently, for the DPSK settings, configuration of WPA2/WPA3 mixed mode as the Security Protocol is available only to the Admins that have opted for the RUCKUS One Beta Program. To use this feature, you must participate in the RUCKUS One Beta Program by following the process: on the navigation bar, click Administration > Account Management > Settings > Enable RUCKUS One Beta Features. Review and accept RUCKUS One Beta Terms and Conditions. For more information, refer to Setting up Your Account.
  1. On the navigation bar, click Wi-Fi > Wi-Fi Networks > Wi-Fi Networks List.
    The Networks page is displayed.
  2. Click Add Wi-Fi Network. Alternatively, select a DPSK network setting that you want to copy and click Clone at the top of the table.
    The Create New Network page is displayed.
  3. Complete the following settings in the Network Details page.
    • Network Name: Enter a name (up to 32 characters) that you want assign to the network.
    • Set different SSID: Use this option to configure the SSID different from the network name.
    • Description: Enter a description (up to 64 characters) to help you identify the network using.
    • Network Type: Select Dynamic Pre-Shared Key (DPSK).
    When the network type is selected, a structure diagram of a DPSK type of network displays.
  4. Click Next.
    The DPSK Settings page is displayed.
    DPSK Settings Page
  5. Complete the settings on the DPSK Settings page.
    • Security Protocol : Select WPA or WPA2(recommend) from the drop-down list. By default, WPA2(recommend) is selected.
    • WPA2 (Recommended) is strong Wi-Fi security that is widely available on all mobile devices manufactured after 2006. WPA2 should be selected unless you have a specific reason to choose otherwise.
    • WPA security can be configured if you have older devices that do not support WPA2. These devices were likely manufactured before 2006. RUCKUS recommends that you upgrade or replace the older devices. 6 GHz radios are supported with WPA3 only.
    • WPA2/WPA3 mixed mode supports the high-end WPA3, which is the highest level of Wi-Fi security available and WPA2 which is still common and still provides good security. In general, mobile devices manufactured after 2006 support WPA2 and devices manufactured after 2019 support WPA3.
      Note: Wi-Fi-6E clients must connect on 2.4 GHz/ 5 GHz to bound the passphrase first and then connect to service DPSK network on 6 GHz radio.​
    • Use the DPSK Service: Select the radio button to enable this option and configure the DPSK Service. This option is disabled if you enable the Use the RADIUS Server option.
      • DPSK Service: Select the existing DPSK service from the drop-down list or complete the following steps to add a new DPSK service.
        1. Click Add DPSK Service and configure a new DPSK service. For more information, refer to Adding a DPSK Service.
    • Use the RADIUS Server: Select the radio button to enable this option and configure the RADIUS Server.
      Note: This option is grayed out if you select the Security Protocol as WPA2/WPA3 mixed mode.
      • Authentication Service: Select the existing RADIUS Server from the drop-down list or complete the following steps to add a new RADIUS Server.
        1. Click Add Server and configure a new RADIUS Server. For more information, refer to Creating a Radius Server Profile.
      • Proxy Service: By default, Proxy Service is enabled. A proxy for a RADIUS server acts as an intermediary to handle authentication and accounting requests.
        Note: The Authentication Service is supported in both proxy and non-proxy modes, while the Accounting Service is supported only in proxy mode.
      • Accounting Service: Toggle the switch to ON to enable this option and select the existing RADIUS Server from the drop-down list or complete the following steps to add a new RADIUS Server.
        1. Click Add Server and configure a new RADIUS Server. Refer to Creating a Radius Server Profile.
  6. Click Show more settings.

    By default, the VLAN sub-tab is displayed. Each sub-tab includes additional Wi-Fi configuration options to configure the settings of your preference. Refer to Configuring Additional Settings for a Wi-Fi Network to configure each of the available settings.

  7. Click Next.
    The Venues page is displayed.
    Venues Page
  8. Complete the following steps to configure a venue:
    1. Select the venues in which you want to activate this network:
      • To activate the network in all of your venues, select the check box beside Venue at the top of the table and click Activate.
      • To activate the network in a specific venue, locate the venue from the list, and set the switch to ON in the Activated column.

      The APs, Radio, and Scheduling of the selected venue is displayed in the table.

      Select Venues
    2. By default, this network configuration is applicable for all APs and with Radio Band of 2.4 and 5 GHz. To select specific AP groups and modify Radio Band, complete the following steps:
      1. Click All APs in the APs column. The Select APs dialog box is displayed. To activate this network on all current and future APs at this venue. You can also choose a radio band of 2.4 GHz, 5 GHz, or both.
        Select APs Dialog Box
      2. Click Select specific AP groups to activate this network on specific AP groups including any AP that is added to selected AP groups in the future. The APs not assigned to any group option is displayed. After APs not assigned to any group is selected, VLAN and Radio Band options are displayed:
        Select specific AP groups
      3. In the VLAN option, by default VLAN-1 is selected. Click Edit (pencil icon) icon and configure the VLAN or VLAN pool for the selected AP group.
      4. In the Radio Band option, select 2.4 GHz, 5 GHz, or both 2.4 and 5 GHz from the drop-down list for the selected AP group.
      5. Click Apply.
    3. By default, this network configuration is scheduled for 24/7. To configure the Scheduling, complete the following steps:
      1. Click 24/7 in the Scheduling column. The Schedule for Network <network-name> in Venue <venue-name> dialog box is displayed. You can also choose a schedule of 24/7 or follow below steps to customize the schedule.
        Schedule for Network Dialog Box
        1. Click Custom Schedule.
        2. Network schedule is customized as per your requirement. You can configure the schedule for Monday through Sunday and from midnight to midnight (from 00:00 hours through 23.59 hours). For more information, click See tips. The Network Scheduler Tips dialog box is displayed.
          Network Scheduler Tips
        3. Click OK to close the Network Scheduler Tips dialog box.
        4. Click Apply.
  9. Click Next.
    The Summary page is displayed.
  10. Review the settings that you configured.
  11. Click Add.
    The newly added DPSK network is displayed in the Wi-Fi Network List page.
    DPSK Wi-Fi Networks
  12. Click Show Onboard Network to view the onboarding SSID.
    The onboarding network details is displayed.
    Displaying Onboarding Networks
    Note: The following are a few DPSK network-related known limitations:
    • An administrator cannot modify the Intermediate DPSK WLAN configuration.
    • With the deployment limitation for 6GHz, when both 2.4 and 5 GHz services are turn off, a client cannot bound the passphrase with the DPSK service.
    • If a client does not follow 11v BTM request, the client behavior might not work as expected.
    • When the DPSK network with the Security Protocol configured as WPA2/WPA3 mixed mode is removed, the on-boarding network also will be removed.
    • Currently, the DPSK network does not support external authentication via external Cloudpath.