Reply
Occasional Contributor I

WPA2 Assistance

Hello,

I have created a new SSID and I wish to use WPA2. I can see the SSID, but when I go to attach to it I get a "verifying identity" message that just sits there. For a brief time I got a message saying something about a "certificate."

Can someone help me or point me to where I can get instructions on deploying WPA2?

Thank you
Mark
Aruba Employee

Re: WPA2 Assistance

Assuming you're talking about WPA2 with 802.1x, the certificate is being presented from the radius server (or the controller if you're doing termination).

If you hit "accept" or ok on the cert message, does it finish authentication?
Occasional Contributor I

Re: WPA2 Assistance

WPA2 will be new to us. The Enterprise currently uses WEP and I'd like to move us to something stronger. We don't have a radius server for authentication, we use Mircrosoft AD for authentication. Is there a WPA2 starter guide I could review? This post could get very long otherwise. What would I need to do to use 'internal' authentication?
Occasional Contributor I

Re: WPA2 Assistance

I found something. I think we need to use WPA2-PSK. Am I correct to assume that with this method, there is a key (up to 63 characters long) that we would not only configure on the Aruba Controllers, but also to each client?
Guru Elite

Wpa2-aes

The ArubaOS 3.4.1 user guide, in Appendix D has detailed instructions on how to configure your Microsoft Server with IAS and your Windows clients for WPAWPA2 AES. The user guide is under documentation on the support site.

You can also optionally go the WPA-preshared key route like you mentioned, but once you get past 30 or 40 devices, sharing a key does not scale and is not the most secure.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: WPA2 Assistance

Thank you very much! The document you mentioned is just what I was looking for! Appreciate it.
New Contributor

Re: WPA2 Assistance

WPA 2 requires certificates be set up. Depending on your infrastructure, needs, and finacial situation this can be a medium to complex process. You should NOT jump into this without some planing an a good deal of thought.
One of the first things you need to decide is whether to buy a certificate from a provider like Verisign, Thwarte, or GoDaddy or to create your own private certificate infrastructure. With a private infrastructure you have control over certificates but you also need to administor the system, publising CRL lists, issue, reauthorize and revoke certificates etc. From the user point of view, they will be prompted and must specifically accept your certificate also note that the prompt includes words to the effect that "the certificate root can not be verified." A comericial certificate will be validated. The user may still see a message but it will state that the certificate is valid and ask if the user will accept it. In either case answering no will result in the user not being able to access the wireless network.
There is a lot more to a certificate infrastructure but hopefully this will give you enough to decide if you want to go this route.

Mark


Hello,

I have created a new SSID and I wish to use WPA2. I can see the SSID, but when I go to attach to it I get a "verifying identity" message that just sits there. For a brief time I got a message saying something about a "certificate."

Can someone help me or point me to where I can get instructions on deploying WPA2?

Thank you
Mark


Occasional Contributor I

Re: WPA2 Assistance

Again, thank you very much. We'd probably just purchase a cert from Verisign or someone like that. Don't need to make this any more complex then it needs to be. Is there any benefit to using WPA2-PSK with the pass phrase? This seems to be a combination of WEP and WPA2. How does the pass phrase work?
Aruba Employee

Re: WPA2 Assistance

Hi Mark,

PSK has mostly down sides. You have the same key on every station, which means any time the key needs to be changed (someone leaves, you loose a device) every station needs to have the key changed. You can take a look at a discussion here: https://airheads.arubanetworks.com/article/security-note-wpa-and-wpa2-dictionary-attacks

-awl
Andy Logan, ACDX
Director, Strategic Account Solutions
Aruba Networks
Occasional Contributor II

Wpa2 psk

The only time I use PSK is with nasty little print servers that purport to support 802.1x, but really don't (or don't do it well enough to stay connected). Otherwise, I also agree with everyone here to really try to stay away from PSK also. It's about as bad as having to use MAC auth.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: