Controllerless Networks

Hello,

It's my understanding that CPPM is required for this to work and uses MAC auth as part of the process. My question is can you create generic passphrases for each kind of device that you want to have connect to your MPSK SSID? Does each device have to "register" with CPPM guest in order to work or do you have to preload the CPPM guest endpoint database for this to work?

We have an IoT SSID that we want to convert to MPSK, but it's looking like it's going to be a complicated CPPM configuration to get this working. Just seeing if anyone else has done this and what it looks like in the real world.

------------------------------
Chris Watson
------------------------------

Hi Chris,

Yes ClearPass is required to work with MSPK. Each device mac-adress have to be registered in the guest module. The controller configuration is quite simple and you can follow the "wizard" by creating a new SSID. On the ClearPass Policy Manager you can create a MPSK service from the templates.

On Aruba Instant there is a option for MPSK without ClearPass, but is limited to 16 24 devices/PKS's.

There are some good posts around on the community for example this one.
https://community.arubanetworks.com/community-home/digestviewer/viewthread?MID=26931

Hope this helps!

------------------------------
Marcel Koedijk | MVP Guru 2021 | ACMP | ACCP | ACDA | Ekahau ECSE | Not an HPE Employee | Opionions are my own
------------------------------

Original Message:
Sent: May 14, 2021 04:31 PM
From: Chris Watson
Subject: MPSK on Instant 8.6 firmware

Hello,

It's my understanding that CPPM is required for this to work and uses MAC auth as part of the process. My question is can you create generic passphrases for each kind of device that you want to have connect to your MPSK SSID? Does each device have to "register" with CPPM guest in order to work or do you have to preload the CPPM guest endpoint database for this to work?

We have an IoT SSID that we want to convert to MPSK, but it's looking like it's going to be a complicated CPPM configuration to get this working. Just seeing if anyone else has done this and what it looks like in the real world.

------------------------------
Chris Watson
------------------------------

In InstantOS 8.7 it is now possible to configure MPSK locally. Of course, this is limited to 24 PSK per SSID, but in many cases it is enough.

Configuration is from the CLI through a command:


------------------------------
Piotr Filip

ACEX#41/ACCX/ACDX/ACMX/CWNA/CWSP
------------------------------

Original Message:
Sent: May 14, 2021 04:31 PM
From: Chris Watson
Subject: MPSK on Instant 8.6 firmware

Hello,

It's my understanding that CPPM is required for this to work and uses MAC auth as part of the process. My question is can you create generic passphrases for each kind of device that you want to have connect to your MPSK SSID? Does each device have to "register" with CPPM guest in order to work or do you have to preload the CPPM guest endpoint database for this to work?

We have an IoT SSID that we want to convert to MPSK, but it's looking like it's going to be a complicated CPPM configuration to get this working. Just seeing if anyone else has done this and what it looks like in the real world.

------------------------------
Chris Watson
------------------------------