Wireless Access

Reply
Contributor I
Posts: 21
Registered: ‎06-11-2013

Error when configuring wpa-psk-tkip

HI,

 

I use Aruba Mobility Controller 3600, with AP-135

 

I try to create ssid with wpa-psk-tkip encryption. But when I give it throws error:

 

(Aruba3600) (SSID Profile "ssidprofile") #wpa-passphrase 123456789

(Aruba3600) (SSID Profile "ssidprofile") #opmode wpa-psk-tkip
Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa-psk-tkip" configured in ssid profile "ssidprofile"

 

Looks like, some more profiles need to be created.  Can someone please give an example of commands.

 

Thanks in advance.

--uv.

MVP
Posts: 1,302
Registered: ‎11-07-2008

Re: Error when configuring wpa-psk-tkip

Within the VAP that contains your SSID profile "ssidprofile", is a AAA profile (in your case "default"). That AAA profile has a dot1x-profile inside it. That needs to be configured to support PSK. Just make sure you don't have any other VAPs using the same AAA profile, and if not (if 'ssidprofile' is your only SSID), then you can change the dot1x profile to 'default-psk'.

Jerrod Howard
Sr. Techical Marketing Engineer
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Error when configuring wpa-psk-tkip

Create a new AAA profile for that SSID and use default-psk for 802.1X authentication. Then link that AAA profile to the virtual-AP.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 21
Registered: ‎06-11-2013

Re: Error when configuring wpa-psk-tkip

Thanks cappali, jhoward for the solution.

MVP
Posts: 288
Registered: ‎08-27-2012

Re: Error when configuring wpa-psk-tkip

Do understand that using tkip encryption lowers your available data rates making N speeds not possible. If pre-shared keys are desired you should be using WPA2-PSK with CCMP Cipher (AES)
ACDX #419 | ACMP |
Contributor II
Posts: 62
Registered: ‎07-23-2014

Re: Error when configuring wpa-psk-tkip

[ Edited ]

I d'like to share my finding and hope that someone could figure out why it happens as it does.

 

I also had troubles enabling TKIP on an SSID.

 

1> When creating an SSID with the wizard with WPA/TKIP auth/encryption:TKIP1.png An error message is displayed on the GUI when quitting the SSID config page:

TKIP2.png

 

Also note the absence of a encryption selection:

TKIP4.png

This is due to the fact that the wizard selects TKIP only, and that is not a valid encryption combination.

To find out what are valid combinations, see this post:

What-are-the-valid-opmode-combinations

 

To solve this error message, simply select an extra encryption on the 'Advanced' tab to obtain a valid pair (i.e. wpa2-psk-aes)

TKIP3.png

Now there will be a valid 'mixed encryption mode' and no more error messages:

TKIP5.png

 

2> If you want to add TKIP to an existing SSID with i.e. WPA2-PSK It matters how you do it.

TKIP6.png

If you try to select mixed mode and a valid combination, there will be an error message:

TKIP7.png

To prevent this I found that the correct extra encryption type had to be selected from the 'Advanced' tab:

TKIP8.png

After applying this, there is no error and a valid mixed mode is selected on the 'Basic' tab:

TKIP9.png

 

Rgds

Peter

 

Guru Elite
Posts: 20,773
Registered: ‎03-29-2007

Re: Error when configuring wpa-psk-tkip

Due to TKIP's insecurity, it is not allowed to be configured by itself on an SSID since March 30, 2012 on IAPs.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: