MPSK Local

The MPSK Multi Pre-Shared Key. The Cloud Authentication and Policy server enables MPSK in a WLAN network in Aruba Central, to provide seamless wireless network connection to the end-users and client devices. Local operating mode allows to configure 24 pre-shared keys per SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. without an external policy engine like ClearPass Policy Manager. These local PSKs serve as an extension of the base pre-shared key functionality. MPSK Local operating mode is supported on the SSID profile to allow individual users or group of users to authenticate with per-device or per-group passphrase respectively. MPSK Local works only with wpa2-psk-aes encryption and not with any other PSK Pre-shared key. A unique shared secret that was previously shared between two parties by using a secure channel. This is used with WPA security, which requires the owner of a network to provide a passphrase to users for network access. -based encryption.

The workflow is as follows:

  1. The user creates the MPSK Local profile on the AP with the passphrase and key-name value.
  2. By using WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID configuration wizard, the user creates the SSID profile with MPSK Local as the opmode.
  3. The user attaches the MPSK Local profile created in step 1 to the SSID profile.
  4. The MPSK Local profile is sent to the gateway during SSID creation as a UDR User Derivation Rule. UDR is a role assignment model used by the controllers running ArubaOS to assign roles and VLANs to the WLAN users based on MAC address, BSSID, DHCP-Option, encryption type, SSID, and the location of a user. For example, for an SSID with captive portal in the initial role, a UDR can be configured for scanners to provide a role based on their MAC OUI. rule attached to AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile.
  5. When the wireless client connects to the AP, the key-name value (Aruba-MPSK-Key-Name) identified is sent to the gateway as a TLV Type-length-value or Tag-Length-Value. TLV is an encoding format. It refers to the type of data being processed, the length of the value, and the value for the type of data being processed. (Type-Length-Value).
  6. The gateway processes the TLV to configure role and VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. derivation-rules by matching the UDR rule.

Prerequisite

Ensure that the role assigned in the MPSK Local Profile on the AP is also created or present on gateways. The WLAN SSID configuration wizard does not push the roles to the gateways that are assigned in the MPSK Local profile. These roles need to be configured explicitly on the gateways.

Limitations

  • MPSK Local only supports passphrases in the form of strings. It does not support passphrases in the form of hexadecimal characters.

  • Modification of a key configuration is not supported as the MPSK Local profile key configuration does not synchronize between an AP and a gateway.

    Workaround: To ensure that the key configuration is updated for the gateway, complete the following steps:

    1. After making changes to the local MPSK profile, open the MPSK SSID wizard again and toggle any change.

      The Save Settings option is enabled.

    2. Click Save Settings.

      An update is triggered for the gateway.

Creating an MPSK Local Profile

To create an MPSK Local profile, complete the following steps:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.

  5. Click the Security tab.

    The Security page is displayed.

  6. Click the Mpsk Local accordion.

  7. In the MPSK Local window, click + and enter a name for the MPSK Local profile.

  8. To create an MPSK Local passphrase, click + and enter the following information in the MPSK Local Passphrase window, and then click OK.

    1. Name—Enter a unique name for each profile.

    2. Passphrase—Enter a passphrase.

    3. Retype Passphrase—Retype the passphrase to confirm.

    4. Role—Select a user role from the drop-down list.

      Ensure that the role assigned in MPSK Local Profile on the microbranch AP is also created or present on gateways.

      WLAN SSID configuration Wizard does not push the roles to the gateways that are assigned in the MPSK Local profile. These Roles need to be configured explicitly on the gateways.

  9. In the MPSK Local Passphrase window, select an MPSK Local passphrase name, and then click OK.

  10. Click Save Settings.

Editing an MPSK Local Profile

To edit an MPSK Local profile, complete the following steps:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.

  5. Click the Security tab.

    The Security page is displayed.

  6. Click the Mpsk Local accordion.

  7. In the MPSK Local table, select an MPSK Local profile that you want to edit, and then click the edit icon.

  8. In the MPSK Local Passphrase table, click + and enter the following information to add a new MPSK Local passphrase, and then click OK.

    1. Name—Enter a unique name for each profile.

    2. Passphrase—Enter a passphrase.

    3. Retype Passphrase—Retype the passphrase to confirm.

    4. Role—Select a user role from the drop-down list.

      Ensure that the role assigned in MPSK Local Profile on the microbranch AP is also created or present on gateways.

      WLAN SSID configuration Wizard does not push the roles to the gateways that are assigned in the MPSK Local profile. These Roles need to be configured explicitly on the gateways.

  9. (Optional) To delete an MPSK Local passphrase, select the MPSK Local passphrase name from the MPSK Local Passphrase table, and then click the delete icon.

  10. Click OK.

  11. Click Save Settings.

Deleting an MPSK Local Profile

To delete an MPSK Local profile, complete the following steps:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click Show Advanced.
  5. Click the Security tab.

    The Security page is displayed.

  6. Click the Mpsk Local accordion.
  7. In the MPSK Local table, select an MPSK Local profile that you want to delete, and then click the delete icon.
  8. Click Save Settings.

Enabling MPSK Local for Wireless Networks

To enable MPSK Local for wireless networks, complete the following steps:

  1. In the WebUI, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of APs is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the APs are displayed.

  4. Click WLANs tab.

    The WLANs detail page is displayed.

  5. Click +Add SSID to create a new SSID. To modify an existing SSID, select a wireless SSID from the Wireless SSIDs table and then click the edit icon.
  6. Click the Security tab.
  7. Select Personal from the Security Level. The authentication options applicable to the personal network are displayed.
  8. From the Key Management drop-down list, select MPSK Local.
  9. From the MPSK Local drop-down list, select an MPSK Local profile.
  10. Click Save Settings.