Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Unique pre-shared key for each device

  • 1.  Unique pre-shared key for each device

    Posted Feb 06, 2013 05:02 AM

    Hello,

    I stumbled upon a document from Aerohive where they advertise something called "Private Pre-Shared Keys".

    Basically, you can have a pre-shared key per device to circumvent the problem of a compromised PSK in an enterprise environment.

    I don't know how well the Aerohive solution works but something like that would be ideal for our network here as well.

    We are using 7210 controllers running ArubaOS 6.2.0.2 and 135 series access points.

    Does anyone know if this can be implemented on ArubaOS?

    cheers,

    Harald


    #7210


  • 2.  RE: Unique pre-shared key for each device

    Posted Feb 06, 2013 09:12 AM

    No, Aruba does not support Per-User PSK (aka Dynamic PSK, Private PSK). So far as I know only Aerohive and Ruckus have this capability.



  • 3.  RE: Unique pre-shared key for each device

    Posted Jan 19, 2017 10:28 AM

    We have a similar requirement - especially for IoS devices and student games consoles. We don't want them all sharing the same PSK if we can help it and these things don't support 802.1X.

    The only way I have thought to do it in ClearPass (we are a Cisco wireless, Aruba RADIUS house) is to use MAC Auth on the SSID and get users to register somehow. Not ideal, but something that is theoretically possible.

    It would be great if ClearPass could generate a per user PSK; the Aerohive solution looks really interesting.



  • 4.  RE: Unique pre-shared key for each device

    Posted Feb 23, 2018 05:23 AM

    I am also interested to know if this feature is available or being looked at on Aruba controllers? Any update?

    Cisco has a concept known as Identity PSK, which allows unique PSKs for individuals or groups of users. This is available on v8.5 WLC code and uses Cisco ISE to provide the cisco-avp information back to the controller. I see no reason why this would not work with ClearPass as the back AuthC server.

    Kind regards,

    Ian



  • 5.  RE: Unique pre-shared key for each device

    EMPLOYEE
    Posted Feb 23, 2018 07:57 AM
    ClearPass device registration and Cisco iPSK work great together and has more functionality than Cisco ISE.


  • 6.  RE: Unique pre-shared key for each device

    Posted Feb 23, 2018 08:33 AM

    Can you point at the Cisco PSK feature? Unfortunately we are stuck on 8.3 for a while until we can replace some of our APs but it would be an excellent additional incentive to upgrade.



  • 7.  RE: Unique pre-shared key for each device

    EMPLOYEE
    Posted Feb 23, 2018 01:23 PM

    Sorry, not understanding what you're asking.



  • 8.  RE: Unique pre-shared key for each device

    Posted Apr 13, 2018 04:43 AM

    To cczdcw, sorry for the delay in replying. Not sure if I should be posting Cisco links on here but if you do a Google search for 'cisco ipsk' the top entry is a good write-up (8.5 Identity PSK Feature Deployment Guide) and there is a video further down.

    Good luck.



  • 9.  RE: Unique pre-shared key for each device

    Posted Feb 23, 2018 01:15 PM

    ClearPass / AirGroup could be your solution.