Controller Based WLANs

What does the PSK-refresh feature do?

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.3.2.0 code and later. 

Preshared key (PSK)-refresh allows you to refresh the PSK used by remote APs. By default, PSK-refresh is disabled. With PSK-refresh enabled, the controller accepts connections from remote APs using the previously configured PSK for the specified interval. After the interval elapses, that PSK expires and the controller uses the new PSK to authenticate remote APs. 

To enable PSK-refresh, you must: 

1)  Configure the amount of time in days or hours (known as the interval) to remember the previously configured PSK used in your remote AP deployment. 
Note: Aruba recommends configuring a large interval to prevent remote APs from being unable to authenticate and connect to the network. 

2)  Configure the global PSK. The IP address must be 0.0.0.0, and the netmask must be 0.0.0.0. 
Note: If you do not configure the global PSK, the PSK-refresh feature is invalid. 

To enable PSK-refresh: 

Using the WebUI: 

1)  Navigate to the Configuration > Advanced Services > VPN Services > IPSec page. 
2)  In the IKE PSK-Refresh section, select (check) Enable IKE PSK-Refresh, select (check) the Interval Type (hours or days), and enter the Interval value (2-24 hours or 1-365 days). 
3)  Click Apply. 
4)  Review the IKE Shared Secrets section to ensure you have a global PSK configured. 

Using the CLI: 

crypto isakmp psk-caching {days <interval> | hours <interval>} 
crypto isakmp key <key> address 0.0.0.0 netmask 0.0.0.0 

For more information, see “Configuring Remote APs” in the ArubaOS 3.3.2 User Guide.

Version history
Revision #:
1 of 1
Last update:
‎07-09-2014 02:45 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.