Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

WPA2-PSK + AES + mac auth using CPPM or controller

Hi,

I have a setup with an Aruba 7200 controller, CPPM as the policy manager, AP 135 and LDAP 2008.

I want to provide wireless access to users using WPA2-PSK + AES + MAC auth.

Kindly suggest the configuration with less administration.

Thanks...

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: WPA2-PSK + AES + mac auth using CPPM or controller

What are you trying to accomplish?

Do you have an existing database of MAC addresses that you want to authenticate?

Do you want users to have to register?

Why not use 802.1X?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Re: WPA2-PSK + AES + mac auth using CPPM or controller

Hi Cappalli,

What are you trying to accomplish?

We have different software project teams and they want to test software on their handheld devices using the wireless network.

So I will provide them a common pre-shared key, and for security I will use MAC authentication.

No, I don't have a MAC address database.

As per my setup I am using CPPM as a policy manager. So users cannot register. Am I right?

Why not use 802.1X?

Software projects and users are always changing but the device is common, and it's difficult for a network engineer to change things frequently in AD.

The AD user database is maintained by the System Admin.

Thanks...

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: WPA2-PSK + AES + mac auth using CPPM or controller

With MAC authentication, you need a source/list of MAC addresses. Where will you have this list? Will users register themselves?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Re: WPA2-PSK + AES + mac auth using CPPM or controller

Hi,

I have the MAC address list in an Excel file. If I go for static host entries then I will manually add those MACs to the static host profile.

If I need to make them "Known" in the endpoint repository, I will do that manually.

I have configured the SSID with WPA2-PSK + AES and MAC auth, and in CPPM I have configured a MAC-based auth service. I am able to get the request in CPPM. Access Tracker is showing the user rejected because I have not added the user to the static host list, but the user is able to get an IP address.

The user must not get an IP until and unless added to the static host list.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: WPA2-PSK + AES + mac auth using CPPM or controller

About how many MAC addresses are there? You might be better off importing them to the endpoint database.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 167
Registered: ‎04-17-2013

Re: WPA2-PSK + AES + mac auth using CPPM or controller

Around 250 MACs.

But I have 3 other SSIDs where I am using AD authentication + MAC auth using the endpoint repository.

I think it will be complex for me to find the MAC addresses for the respective SSID in the endpoints.

Guru Elite
Posts: 8,458
Registered: ‎09-08-2010

Re: WPA2-PSK + AES + mac auth using CPPM or controller

You'd want to do something like your other post. Add a custom attribute and then tag those endpoints with that attribute.

You can use this guide to get you started. It's a similar scenario:

http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Guide-Bradford-NAC-database-to-ClearPass-the-semi-automated/m-p/171532

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
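
One way to prepare the spreadsheet MAC list before tagging endpoints with a custom attribute, as suggested in the reply above. This is an added example, not part of the thread and not ClearPass tooling. The attribute name `Test-SSID`, the CSV column names and the sample rows are assumptions, and the output is a plain Python record rather than ClearPass's import format.

```python
import csv
import io
import re

# Constructed sample of a spreadsheet export (not data from the thread).
SAMPLE_CSV = """mac,owner
00:1A:2B:3C:4D:5E,team-a handheld
001a.2b3c.4d5e,same device in dotted notation
00-1B-2C-3D-4E-5F,team-b handheld
DA:A1:19:00:00:01,phone using a randomized MAC
00:1A:2B:3C:4D,truncated cell
"""

TAG_NAME = "Test-SSID"  # hypothetical custom attribute name
TAG_VALUE = "true"      # hypothetical value marking PSK-SSID devices


def normalize_mac(raw):
    """Return 12 lowercase hex digits, or None if the cell is not a MAC."""
    compact = re.sub(r"[\s:.\-]", "", raw).lower()
    return compact if re.fullmatch(r"[0-9a-f]{12}", compact) else None


def is_locally_administered(mac):
    """True when the U/L bit is set, as it is on OS-randomized addresses."""
    return bool(int(mac[:2], 16) & 0x02)


def build_tagged_endpoints(csv_text):
    """Return (accepted records, rejected (cell, reason) pairs)."""
    accepted, rejected, seen = [], [], set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = normalize_mac(row["mac"])
        if mac is None:
            rejected.append((row["mac"], "not a valid MAC"))
        elif mac in seen:
            rejected.append((row["mac"], "duplicate"))
        elif is_locally_administered(mac):
            # Such an address may change, so it makes a poor allow-list key.
            rejected.append((row["mac"], "locally administered"))
        else:
            seen.add(mac)
            accepted.append({"mac": mac, "status": "Known", TAG_NAME: TAG_VALUE})
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = build_tagged_endpoints(SAMPLE_CSV)
    print(len(ok), "tagged;", len(bad), "rejected:", bad)
```

Tagging each record with a per-SSID attribute lets the MAC auth service for the PSK SSID match only those endpoints, which keeps them separate from endpoints used by the other SSIDs.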