12-30-2014 07:43 AM
I use Aruba Mobility Controller 3600, with AP-135
I try to create ssid with wpa-psk-tkip encryption. But when I give it throws error:
(Aruba3600) (SSID Profile "ssidprofile") #wpa-passphrase 123456789
(Aruba3600) (SSID Profile "ssidprofile") #opmode wpa-psk-tkip
Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa-psk-tkip" configured in ssid profile "ssidprofile"
Looks like, some more profiles need to be created. Can someone please give an example of commands.
Thanks in advance.
Solved! Go to Solution.
12-30-2014 07:47 AM
Within the VAP that contains your SSID profile "ssidprofile", is a AAA profile (in your case "default"). That AAA profile has a dot1x-profile inside it. That needs to be configured to support PSK. Just make sure you don't have any other VAPs using the same AAA profile, and if not (if 'ssidprofile' is your only SSID), then you can change the dot1x profile to 'default-psk'.
Sr. Techical Marketing Engineer
12-30-2014 07:48 AM
12-30-2014 09:56 AM
09-10-2016 06:03 AM - edited 09-11-2016 12:05 AM
I d'like to share my finding and hope that someone could figure out why it happens as it does.
I also had troubles enabling TKIP on an SSID.
1> When creating an SSID with the wizard with WPA/TKIP auth/encryption: An error message is displayed on the GUI when quitting the SSID config page:
Also note the absence of a encryption selection:
This is due to the fact that the wizard selects TKIP only, and that is not a valid encryption combination.
To find out what are valid combinations, see this post:
To solve this error message, simply select an extra encryption on the 'Advanced' tab to obtain a valid pair (i.e. wpa2-psk-aes)
Now there will be a valid 'mixed encryption mode' and no more error messages:
2> If you want to add TKIP to an existing SSID with i.e. WPA2-PSK It matters how you do it.
If you try to select mixed mode and a valid combination, there will be an error message:
To prevent this I found that the correct extra encryption type had to be selected from the 'Advanced' tab:
After applying this, there is no error and a valid mixed mode is selected on the 'Basic' tab:
09-10-2016 12:56 PM
Due to TKIP's insecurity, it is not allowed to be configured by itself on an SSID since March 30, 2012 on IAPs.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base