Wireless Access

Contributor I

Error when configuring wpa-psk-tkip



I use Aruba Mobility Controller 3600, with AP-135


I try to create ssid with wpa-psk-tkip encryption. But when I give it throws error:


(Aruba3600) (SSID Profile "ssidprofile") #wpa-passphrase 123456789

(Aruba3600) (SSID Profile "ssidprofile") #opmode wpa-psk-tkip
Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa-psk-tkip" configured in ssid profile "ssidprofile"


Looks like, some more profiles need to be created.  Can someone please give an example of commands.


Thanks in advance.


Re: Error when configuring wpa-psk-tkip

Within the VAP that contains your SSID profile "ssidprofile", is a AAA profile (in your case "default"). That AAA profile has a dot1x-profile inside it. That needs to be configured to support PSK. Just make sure you don't have any other VAPs using the same AAA profile, and if not (if 'ssidprofile' is your only SSID), then you can change the dot1x profile to 'default-psk'.

Jerrod Howard
Sr. Technical Marketing Engineer
Guru Elite

Re: Error when configuring wpa-psk-tkip

Create a new AAA profile for that SSID and use default-psk for 802.1X authentication. Then link that AAA profile to the virtual-AP.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I

Re: Error when configuring wpa-psk-tkip

Thanks cappali, jhoward for the solution.

Super Contributor I

Re: Error when configuring wpa-psk-tkip

Do understand that using tkip encryption lowers your available data rates making N speeds not possible. If pre-shared keys are desired you should be using WPA2-PSK with CCMP Cipher (AES)
ACDX #419 | ACMP |
Frequent Contributor I

Re: Error when configuring wpa-psk-tkip

I d'like to share my finding and hope that someone could figure out why it happens as it does.


I also had troubles enabling TKIP on an SSID.


1> When creating an SSID with the wizard with WPA/TKIP auth/encryption:TKIP1.png An error message is displayed on the GUI when quitting the SSID config page:



Also note the absence of a encryption selection:


This is due to the fact that the wizard selects TKIP only, and that is not a valid encryption combination.

To find out what are valid combinations, see this post:



To solve this error message, simply select an extra encryption on the 'Advanced' tab to obtain a valid pair (i.e. wpa2-psk-aes)


Now there will be a valid 'mixed encryption mode' and no more error messages:



2> If you want to add TKIP to an existing SSID with i.e. WPA2-PSK It matters how you do it.


If you try to select mixed mode and a valid combination, there will be an error message:


To prevent this I found that the correct extra encryption type had to be selected from the 'Advanced' tab:


After applying this, there is no error and a valid mixed mode is selected on the 'Basic' tab:






Guru Elite

Re: Error when configuring wpa-psk-tkip

Due to TKIP's insecurity, it is not allowed to be configured by itself on an SSID since March 30, 2012 on IAPs.

Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
Search Airheads
Showing results for 
Search instead for 
Did you mean: