Security

Hi Guys,

 

Just wondering if anyone can explain how the proposed MPSK feature work in AOS 8.4.0 would work in conjunction with ClearPass , if any documentation is available that would be handy. I know this unreleased code but it would potentially be useful for me I solving a particular customer challenge.

 

TIA

 

Neither are released code so there is no documentation and can’t be discussed here.

Thanks Tim. Understood! I have reached out to our channel SE

How about now :)

 

I'm guessing MPSK doesn't have much to do with ClearPass, but I'd like to understand also if there is any interaction. We are still using PSK a lot for production, it's a trade off in security vs simplicity/less things to break. MPSK might be a good compromise?

While the controller side is available, MPSK is not yet officially released. MPSK will only be supported with ClearPass and will be available in an upcoming release. It will become the recommended deployment model for headless/IoT devices.

It looks like all it needs is that particular VSA sent back in the response. So does it need to ClearPass or it could be any radius server ?

MPSK will only supported with ClearPass.

Ahh I see. So is every authentication handled by ClearPass then, nothing locally on the controller like traditional PSK? And does the client need to support it (WPA3?), or does the client see just a normal WPA2 PSK?

mPSK has got nothing to with WPA3 it will continue to use WPA2

It’s standard WPA2-PSK and will work with any existing client. The PSK in the SSID profile on the controller is not used.

You can get some good hints about MPSK capabilities by reading the 8.4 documentation which is needed to support this, and is already released:

 

https://www.arubanetworks.com/techdocs/Instant_84_WebHelp/content/instant_ug/wlan_ssid_conf/configuringsecuritysettings.htm

6.8 is now available