Support for Multiple PSK in WLAN SSID

Aruba Central allows you to configure multiple PSK (MPSK) in WLAN network profiles that include APs running a minimum of Aruba Instant firmware version and later. MPSK enhances the WPA2 PSK mode by allowing device-specific or group-specific passphrases, which are generated by ClearPass Policy Manager and sent to the Instant AP.

WPA2 PSK-based deployments generally consist of a single passphrase configured as part of the WLAN SSID profile. This single passphrase is applicable for all clients that associate with the SSID. Starting from Aruba Instant, multiple PSKs in conjunction with ClearPass Policy Manager are supported for WPA and WPA2 PSK-based deployments. Every client connected to the WLAN SSID can have its own unique PSK.

An MPSK passphrase requires MAC authentication against a ClearPass Policy Manager server. The MPSK passphrase works only with wpa2-psk-aes encryption and not with any other PSK-based encryption. The Aruba-MPSK-Passphrase RADIUS VSA is added and the ClearPass Policy Manager server populates this VSA with the encrypted passphrase for the device.

The workflow is as follows:

1. A user registers the device on a ClearPass Policy Manager guest-registration or device-registration webpage and receives a device-specific or group-specific passphrase.

2. The device associates with the SSID using wpa2-psk-aes encryption and uses the MPSK passphrase.

3. The Instant AP performs MAC authentication of the client against the ClearPass Policy Manager server. On successful MAC authentication, the ClearPass Policy Manager returns Access-Accept with the VSA containing the encrypted passphrase.

4. The Instant AP generates a PSK from the passphrase and performs 4-way key exchange.

5. If the device uses the correct per-device or per-group passphrase, authentication succeeds. If the ClearPass Policy Manager server returns Access-Reject or the client uses an incorrect passphrase, authentication fails.

6. The Instant AP stores the MPSK passphrase in its local cache for client roaming. The cache is shared between all the Instant APs within a single cluster. The cache can also be shared with standalone Instant APs in a different cluster provided the APs belong to the same multicast VLAN. Each Instant AP first searches the local cache for the MPSK information. If the local cache has the corresponding MPSK passphrase, the Instant AP skips the MAC authentication procedure, and provides access to the client.
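The following Python sketch is an added example, not Aruba or ClearPass code. It models steps 3 to 6: derive_psk uses the standard WPA2-Personal derivation (PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt), while the MpskAp class, the REGISTRY table, the SSID name and the MAC addresses are constructed for illustration; encryption of the VSA and the real 4-way handshake are not modelled.

```python
import hashlib
import hmac

def derive_psk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PSK: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 256 bits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

# Constructed sample data: MAC address -> per-device passphrase, standing in
# for the device registrations held by the RADIUS server (hypothetical values).
REGISTRY = {
    "aa:bb:cc:00:00:01": "printer-passphrase-01",
    "aa:bb:cc:00:00:02": "camera-passphrase-02",
}

class MpskAp:
    """Toy model of the AP side of the workflow (assumed behaviour, not firmware)."""

    def __init__(self, ssid, radius_lookup):
        self.ssid = ssid
        self.radius_lookup = radius_lookup  # returns passphrase, or None for Access-Reject
        self.cache = {}                     # MAC -> passphrase, as in step 6
        self.radius_queries = 0             # counts MAC authentications performed

    def admit(self, mac: str, client_psk: bytes) -> bool:
        passphrase = self.cache.get(mac)
        if passphrase is None:              # cache miss: MAC authentication (step 3)
            self.radius_queries += 1
            passphrase = self.radius_lookup(mac)
            if passphrase is None:          # Access-Reject (step 5)
                return False
        expected = derive_psk(passphrase, self.ssid)  # step 4
        # Stand-in for the 4-way handshake, which proves knowledge of the PSK
        # without transmitting it; here the two keys are compared directly.
        if not hmac.compare_digest(expected, client_psk):
            return False
        self.cache[mac] = passphrase        # assumed: cached after a successful join
        return True

def demo():
    ap = MpskAp("Example-MPSK", REGISTRY.get)
    mac = "aa:bb:cc:00:00:01"
    psk = derive_psk(REGISTRY[mac], ap.ssid)
    first = ap.admit(mac, psk)              # MAC authentication, then cached
    second = ap.admit(mac, psk)             # served from cache, no RADIUS query
    return first, second, ap.radius_queries
```

Because a cache hit skips MAC authentication, the second join in demo() succeeds without a second RADIUS query.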


When multiple PSK is enabled on the wireless SSID profile, make sure that MAC authentication is not configured for RADIUS authentication. Multiple PSK and MAC authentication are mutually exclusive, and multiple PSK follows a special procedure which does not require enabling MAC authentication in the WLAN SSID manually. Also, ensure that the RADIUS server configured for the wireless SSID profile is not an internal server.

Points to Remember

The following configurations are mutually exclusive with MPSK for the WLAN SSID profile and do not need to be configured manually:

MPSK and MAC authentication

MPSK and Blacklisting

MPSK and internal RADIUS server

Configuring Multiple PSK for Wireless Networks

1. In the Network Operations app, use the filter to select a group or a device.

2. Under Manage, click Devices > Access Points.

3. Click the configuration icon to display the AP configuration page.

1. Go to WLANS > Add SSID.

2. To modify an existing profile, go to WLANS and select the wireless SSID to be edited from the list of networks.

3. Click the Security tab.

4. Select Personal from the Security Level. The authentication options applicable to the Enterprise network are displayed.

5. From the Key Management drop-down list, select the MPSK-AES option.

6. From the Primary Server drop-down list, select a server. The RADIUS server selected from the list is the CPPM server.

7. Click Next to complete the encryption configuration.