MPSK Local
The MPSK (Multi Pre-Shared Key) Local operating mode allows you to configure 24 pre-shared keys per SSID (Service Set Identifier) without an external policy engine like ClearPass Policy Manager. These local PSKs serve as an extension of the base pre-shared key functionality. MPSK Local operating mode is supported on the SSID profile to allow individual users or groups of users to authenticate with a per-device or per-group passphrase, respectively. MPSK Local works only with wpa2-psk-aes encryption and not with any other PSK-based encryption.
The workflow is as follows:
- The user creates the MPSK Local profile on the AP with the passphrase and key-name value.
- By using the WLAN SSID configuration wizard, the user creates the SSID profile with MPSK Local as the opmode.
- The user attaches the MPSK Local profile created in step 1 to the SSID profile.
- The MPSK Local profile is sent to the gateway during SSID creation as a UDR (User Derivation Rule) rule attached to the AAA profile.
- When the wireless client connects to the AP, the key-name value (Aruba-MPSK-Key-Name) identified is sent to the gateway as a TLV (Type-Length-Value).
- The gateway processes the TLV to configure role and VLAN derivation-rules by matching the UDR rule.
Prerequisite
Ensure that the role assigned in the MPSK Local Profile on the AP is also created or present on gateways. The WLAN SSID configuration wizard does not push the roles to the gateways that are assigned in the MPSK Local profile. These roles need to be configured explicitly on the gateways.
Limitations
- MPSK Local only supports passphrases in the form of strings. It does not support passphrases in the form of hexadecimal characters.
- Modification of a key configuration is not supported as the MPSK Local profile key configuration does not synchronize between an AP and a gateway.
  Workaround: To ensure that the key configuration is updated for the gateway, complete the following steps:
  - After making changes to the local MPSK profile, open the MPSK SSID wizard again and toggle any change.
    The Save Settings option is enabled.
  - Click Save Settings.
    An update is triggered for the gateway.
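A pre-deployment check for the prerequisite and limitations above, as an added example that is not part of the Aruba documentation: the entry fields (`key_name`, `passphrase`, `role`), the function name, and the sample data are hypothetical. The 8-63 printable-ASCII rule is the standard WPA2 passphrase format rather than something this page states, and rejecting a reused passphrase assumes the AP identifies the key name from the passphrase the client used.

```python
import re

MAX_KEYS_PER_SSID = 24                      # limit stated on this page
HEX_PSK = re.compile(r"^[0-9A-Fa-f]{64}$")  # raw 256-bit PSK written as hex


def validate_mpsk_local(entries, gateway_roles):
    """Return (key_name, problem) findings for one MPSK Local profile.

    entries: list of dicts with hypothetical fields key_name, passphrase, role.
    gateway_roles: set of role names already configured on the gateways.
    Findings never include the passphrase itself, so they are safe to log.
    """
    findings = []
    if len(entries) > MAX_KEYS_PER_SSID:
        findings.append(("<profile>", f"{len(entries)} keys exceeds {MAX_KEYS_PER_SSID} per SSID"))
    seen_names, seen_pass = set(), {}
    for e in entries:
        name, pw, role = e["key_name"], e["passphrase"], e["role"]
        if name in seen_names:
            findings.append((name, "duplicate key name"))
        seen_names.add(name)
        if HEX_PSK.match(pw):
            findings.append((name, "hexadecimal PSK is not supported, use a string passphrase"))
        elif not (8 <= len(pw) <= 63) or not all(32 <= ord(c) <= 126 for c in pw):
            findings.append((name, "passphrase must be 8-63 printable ASCII characters"))
        if pw in seen_pass:
            # Assumption: a shared passphrase cannot be mapped to one key name.
            findings.append((name, f"passphrase already used by {seen_pass[pw]}"))
        else:
            seen_pass[pw] = name
        if role not in gateway_roles:
            # The wizard does not push roles; they must already exist on gateways.
            findings.append((name, f"role '{role}' is missing on the gateway"))
    return findings


# Constructed sample data, not taken from any real deployment.
SAMPLE_ENTRIES = [
    {"key_name": "printers", "passphrase": "correct-horse-battery", "role": "iot-printers"},
    {"key_name": "cameras", "passphrase": "ab12" * 16, "role": "iot-cameras"},
    {"key_name": "guests", "passphrase": "correct-horse-battery", "role": "guest"},
    {"key_name": "kiosk", "passphrase": "short", "role": "kiosk"},
]
GATEWAY_ROLES = {"iot-printers", "iot-cameras", "kiosk"}

if __name__ == "__main__":
    for key_name, problem in validate_mpsk_local(SAMPLE_ENTRIES, GATEWAY_ROLES):
        print(f"{key_name}: {problem}")
```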
Creating an MPSK Local Profile
To create an MPSK Local profile, complete the following steps:
- In the WebUI, set the filter to a group containing at least one AP.
  The dashboard context for the group is displayed.
- Under , click > .
  A list of APs is displayed in the view.
- Click the icon.
  The tabs to configure the APs are displayed.
- Click .
- Click the tab.
  The Security page is displayed.
- Click the accordion.
- In the window, click and enter a name for the MPSK Local profile.
- To create an MPSK Local passphrase, click + and enter the following information in the window, and then click .
  - Enter a unique name for each profile.
  - Enter a passphrase.
  - Retype the passphrase to confirm.
  - Select a user role from the drop-down list.
  Ensure that the role assigned in the MPSK Local profile on the microbranch AP is also created or present on gateways.
  The WLAN SSID configuration wizard does not push the roles to the gateways that are assigned in the MPSK Local profile. These roles need to be configured explicitly on the gateways.
- In the window, select an MPSK Local passphrase name, and then click .
- Click .
Editing an MPSK Local Profile
To edit an MPSK Local profile, complete the following steps:
- In the WebUI, set the filter to a group containing at least one AP.
  The dashboard context for the group is displayed.
- Under , click > .
  A list of APs is displayed in the view.
- Click the icon.
  The tabs to configure the APs are displayed.
- Click .
- Click the tab.
  The Security page is displayed.
- Click the accordion.
- In the table, select an MPSK Local profile that you want to edit, and then click the edit icon.
- In the table, click + and enter the following information to add a new MPSK Local passphrase, and then click .
  - Enter a unique name for each profile.
  - Enter a passphrase.
  - Retype the passphrase to confirm.
  - Select a user role from the drop-down list.
  Ensure that the role assigned in the MPSK Local profile on the microbranch AP is also created or present on gateways.
  The WLAN SSID configuration wizard does not push the roles to the gateways that are assigned in the MPSK Local profile. These roles need to be configured explicitly on the gateways.
- (Optional) To delete an MPSK Local passphrase, select the MPSK Local passphrase name from the table, and then click the delete icon.
- Click .
- Click .
Deleting an MPSK Local Profile
To delete an MPSK Local profile, complete the following steps:
- In the WebUI, set the filter to a group containing at least one AP.
  The dashboard context for the group is displayed.
- Under , click > .
  A list of APs is displayed in the view.
- Click the icon.
  The tabs to configure the APs are displayed.
- Click .
- Click the tab.
  The Security page is displayed.
- Click the accordion.
- In the table, select an MPSK Local profile that you want to delete, and then click the delete icon.
- Click .
Enabling MPSK Local for Wireless Networks
To enable MPSK Local for wireless networks, complete the following steps:
- In the WebUI, set the filter to a group containing at least one AP.
  The dashboard context for the group is displayed.
- Under , click > .
  A list of APs is displayed in the view.
- Click the icon.
  The tabs to configure the APs are displayed.
- Click the tab.
  The WLANs detail page is displayed.
- Click to create a new SSID. To modify an existing SSID, select a wireless SSID from the table and then click the edit icon.
- Click the tab.
- Select from the .
  The authentication options applicable to the personal network are displayed.
- From the drop-down list, select .
- From the drop-down list, select an MPSK Local profile.
- Click .