Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
HPE Aruba Networking Central supports the Management Frame Protection (MFP) feature in networks that include Aruba InstantOS 8.5.0.0 firmware version and later. This feature protects networks against forged management frames spoofed from other devices that might otherwise disrupt a valid user session.
The MFP increases the security by providing data confidentiality of management frames. MFP uses 802.11i 802.11i provides improved encryption for networks that use 802.11a, 802.11b, and 802.11g standards. It requires new encryption key protocols, known as Temporal Key Integrity Protocol (TKIP) and Advanced Encryption Standard (AES). framework that establishes encryption keys between the client and Instant Access Point (IAP).
Enabling Management Frames Protection for Wireless Networks in HPE Aruba Networking Central
To enable the MFP feature, complete the following steps:
- In the WebUI, set the filter to a group containing at least one AP.
The dashboard context for the group is displayed.
- Under , click > .
A list of APs is displayed in the view.
- Click the icon.
The tabs to configure the APs are displayed.
- Click the tab.
The WLANs Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. details page is displayed.
- In the page, click . To modify an existing SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., select a wireless SSID from the table and then click the edit icon.
- In the tab, click .
- Expand .
- Turn on the toggle switch to enable the MFP feature.
- Click .
- Click .
The MFP configuration is a per SSID configuration. The MFP feature can be enabled only on WPA2 Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES.-PSK Pre-shared key. A unique shared secret that was previously shared between two parties by using a secure channel. This is used with WPA security, which requires the owner of a network to provide a passphrase to users for network access. and WPA2-Enterprise SSIDs. The 802.11r 802.11r is an IEEE standard for enabling seamless BSS transitions in a WLAN. 802.11r standard is also referred to as Fast BSS transition. fast roaming option will not take effect when the MFP is enabled.
