Wireless Access

 View Only

  • 1.  MPSK Question

    Posted Jun 01, 2024 09:32 PM

    I have a fast question regarding this.

    Does it allow just one device per password or many device can log in with the same password

    What I want to know if its a one to one password or I can log in with on password for example all my cameras log In with this password and all my printers log in with this one something like that.

    Thanks



  • 2.  RE: MPSK Question

    Posted Jun 02, 2024 12:00 PM

    You can use as many devices as needed with each password. 


    Original Message


  • 3.  RE: MPSK Question

    Posted Jun 03, 2024 05:04 AM

    With MPSK WLAN, the preshared key is not stored locally in the controller, but is sent as a radius VSA from the ClearPass to the controller. Your enforcement profile only needs to send back the correct value, so both are possible.

    You can use a dedicated key for each device. In this case, you save it in the guest device and reference it in the enforcement profile with "Radius:Aruba Aruba-MPSK-Passphrase = %{Authorization:[Guest Device Repository]:Device MPSK}".

    Alternatively, use one key per device type/device guest role. In this case, you set the key in the enforcement profile "Radius:Aruba Aruba-MPSK-Passphrase = aruba123". The ClearPass GUI does not allow you to select a value yourself, one is generated automatically. If you want to use your own key, export the enforcement profile to XML, set your own key and import the profile.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACX - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------

    Original Message


  • 4.  RE: MPSK Question

    Posted Jun 03, 2024 11:01 AM

    Which MPSK?  There are a few implementations depending on version of AOS.

    MPSK Local (Instant and AOS 10) doesn't require MAC address registration.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


  • 5.  RE: MPSK Question

    Posted Jun 21, 2024 01:07 PM

    hello eveyone thanks for the asnwer

    Chelcher it on central  with a gateway, they have a clearpass as well.  They are doing it one way but i was advising them to we could change it with MPSK


    Original Message


  • 6.  RE: MPSK Question

    Posted Nov 25, 2024 05:11 AM

    Hello Carson,  You mention AOS10 doesn't require mac registration.  Everything we are seeing is it is asking for a Mac address as mandatory.    Our goal is that we have a small number of meeting rooms and each to have a MPSK password so we can hand to guests as well as their IOT devices etc.. that cant support a portal.  We cant always know or dont want to manage mac addresses.  Have you got a reference you can point me to?  Thanks David


    Original Message


  • 7.  RE: MPSK Question

    Posted Nov 25, 2024 11:06 AM

    As mentioned, there are multiple flavors of MPSK: Local that is a static configuration, Local that also does a MAC auth, MPSK with ClearPass that requires registration, MPSK through Cloud Auth that can be registered or unbound.

    If you are running AOS 10 and interested in the unbound variant of MPSK, the documentation is available in the Central help portal or through the UI.  Note, Cloud Auth requires the integration of a cloud IdP.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------

    Original Message


Related Content