Security

last person joined: 19 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

WPA2-PSK + AES + mac auth using CPPM or controller

This thread has been viewed 12 times

  • 1.  WPA2-PSK + AES + mac auth using CPPM or controller

    Posted Jul 04, 2014 01:28 PM

    Hi,

     

    I have setup with Aruba 7200 controller, CPPM as a policy manager, AP 135 & LDAP 2008

     

    I want to provide wireless access to user using WPA2-PSK + AES + mac auth

     

    Kindly suggest the configuration with less administration.

     

    Thanks...



  • 2.  RE: WPA2-PSK + AES + mac auth using CPPM or controller

    EMPLOYEE
    Posted Jul 04, 2014 09:21 PM
    What are you trying to accomplish?

    Do you have an existing database of MAC addresses that you want to authenticate?

    Do you want users to have to register?

    Why not use 802.1X?


  • 3.  RE: WPA2-PSK + AES + mac auth using CPPM or controller

    Posted Jul 04, 2014 10:08 PM

    Hi Cappalli,

     

    What are you trying to accomplish?

     

    We have different software project team & they want to test software on there handheld device using wireless network.

    So i will provide them common pre-shared key & for security i will use mac authentication.

     

    No. i dont hv mac address database.

     

    As per my setup i am using CPPM as a policy manager. So user can not register. am i right?

     

    Why not use 802.1X?

     

    Software project & users always changing but device is common & its difficult to change frequently in AD for network engineer.

    AD user database is maintained by System Admin.

     

    Thanks...

     

     

     



  • 4.  RE: WPA2-PSK + AES + mac auth using CPPM or controller

    EMPLOYEE
    Posted Jul 07, 2014 08:24 AM

    With MAC authentication, you need a source/list of MAC addresses. Where will you have this list? Will users register themselves?



  • 5.  RE: WPA2-PSK + AES + mac auth using CPPM or controller

    Posted Jul 07, 2014 06:13 PM

    Hi,

     

    I have mac address list in excel file. If if go for static host entry then i will manually add those mac in static host profile.

    If i require to make them "Known" in endpoint repositery, i will do that manually.

     

    I hv configured the ssid with wpa2-psk +aes and mac auth & in cpppm i hv configured mac based auth service. i am able to get request in cppm. Access tracker showing user rejected cause i hv nt added user in static host list but user is able to get IP address.

     

    User must not get IP untill an unless added in static host list.



  • 6.  RE: WPA2-PSK + AES + mac auth using CPPM or controller

    EMPLOYEE
    Posted Jul 07, 2014 06:18 PM
    About how many MAC addresses are there? You might be better off importing them to the endpoint database.


  • 7.  RE: WPA2-PSK + AES + mac auth using CPPM or controller

    Posted Jul 07, 2014 06:24 PM

    around 250 mac.

    but i hv other 3 ssid i am using AD authentication + mac auth using endpoint repositery.

    I think that will be complex for me to find mac address with respective ssid in endpoint.



  • 8.  RE: WPA2-PSK + AES + mac auth using CPPM or controller
    Best Answer

    EMPLOYEE
    Posted Jul 07, 2014 06:39 PM

    You'd want to do something like your other post. Add a custom attribute and then tag those endpoints with that attribute.

     

    You can use this guide to get you started. It's a similar scenario:

     

    http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Guide-Bradford-NAC-database-to-ClearPass-the-semi-automated/m-p/171532