Cloud Managed Networks


[TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

  • 1.  [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Nov 24, 2024 08:22 PM
    Edited by ariyap Jan 08, 2025 05:39 PM

    Personal Wireless Networks (PWN) are groups of user-owned Wi-Fi devices that connect and operate together in a VLAN, enabling communication within that network. It's essential to ensure that only devices within the designated group can interact with one another, along with an added ability for the device owners to permit Multicast DNS (mDNS) and Simple Service Discovery Protocol (SSDP) based services to be shared with their friends.

    I'll be demonstrating the PWN solution in this technote "Personal Wireless Network with Aruba Central Cloud Auth – Admin Managed" using Multi Pre-Shared Key (MPSK) on AOS10 APs and Cloud Auth to provide user role-based policies for segmentation without any dependency on an identity store.
    Hope you'll find it useful and as always please send through your feedback for improvement.
    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 2.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Nov 25, 2024 10:04 AM

    This looks like a feature I'd love to implement on our network.  Reading your tutorial, though, it creates the MPSK SSID in bridge mode.  Our MPSK SSID is in tunnel mode and I don't see the Personal Wireless Network option when I look at our MPSK SSID.  I assume that means bridge mode is currently a requirement.  Will support be added for tunnel mode MPSK SSIDs in the future?




  • 3.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Nov 25, 2024 05:46 PM

    Yes, at this stage bridged forwarding is the requirement. As always, new features/enhancements will be done in phases.

    For details you can contact your local HPE Aruba SE.






  • 4.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 02, 2024 09:19 AM

    Works perfectly, thank you for the great tutorial!

    How did you get the 'Password Portal' links under MPSK Management?



    ------------------------------
    Greez,
    Uli
    ------------------------------



  • 5.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 02, 2024 02:01 PM



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 03, 2024 03:27 AM
    Edited by upsisworld Dec 03, 2024 03:28 AM

    Hi Herman,

    this screenshot was also included in @ariyap's document and is the reason for my question.

    In my case it looks like that:


    No 'Open' nor 'Copy URL' visible ...


    ------------------------------
    Greez,
    Uli
    ------------------------------



  • 7.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 09, 2024 05:53 AM

    Did you connect your Identity Provider? I tested and if there is no Identity Provider configured (Entra ID, Google Workspace, Okta), the URL is not shown (because the users can't log in); once I added the provider, the URL link shows up.



    ------------------------------
    Herman Robers
    ------------------------------



  • 8.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 09, 2024 09:33 AM

    Thanks a lot, that was the part I was missing!



    ------------------------------
    Greez,
    Uli
    ------------------------------



  • 9.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 11, 2024 05:42 AM

    Hi, last week I experimented a bit with Central MPSK-based Personal Wireless Network, which was exceptionally easy and worked well. At the time I was only using admin-managed named MPSKs.
    Yesterday evening I also set up Entra ID as an IDP. This morning, MPSKs created via the Entra ID-authenticated portal also worked. At some point, however, I noticed that the test clients were going in and out of the SSID every second, regardless of whether they were admin-managed or via the portal.
    I see the following message in the events on Central:
    "Onboarding failed for client 3e:9c:29:xx:xx:xx in Deauthentication/Disassociation phase to BSSID 94:64:24:yy:yy:yy on channel 100+ of AP hostname AP-635. Reason: Previous authentication is not valid"
    Unfortunately, deleting the Entra ID connection (the only change to the overall construct) did not fix it! All other SSIDs (1x, PSK and Cloudguest) work without drama.
    Do you have any idea what is going wrong here? 



    ------------------------------
    Greez,
    Uli
    ------------------------------



  • 10.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 11, 2024 07:56 AM

    Could it be that your AP clock is not synchronized? Otherwise, I would open a TAC case to let them find out what is going on here. Looks like the AP invalidates the authentication, which is not expected.



    ------------------------------
    Herman Robers
    ------------------------------



  • 11.  RE: [TUTORIAL] Personal Wireless Network with Aruba Central and AOS10

    Posted Dec 11, 2024 11:35 AM

    Herman,

    Thank you for the hint, but the clock is synchronized.

    As this was just an experiment in my lab I do not want to keep TAC busy with that. I will rebuild it sometime and see how it works.



    ------------------------------
    Greez,
    Uli
    ------------------------------