Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

MPSK without Clearpass

This thread has been viewed 99 times

  • 1.  MPSK without Clearpass

    Posted Sep 01, 2019 07:31 AM

    Hi,

    is there any way to get MPSK working without Clearpass? We are working with FreeRADIUS (where we can configure custom attributes) and do not plan to use Clearpass in the future.



  • 2.  RE: MPSK without Clearpass
    Best Answer

    Posted Sep 01, 2019 06:39 PM

    No, Clearpass is a requirement for Aruba MPSK.



  • 3.  RE: MPSK without Clearpass

    Posted Sep 02, 2019 07:12 AM

    Really?

     

    Isn´t MPSK on the Radius side not much more than sending a VSA to the controller that has the PSK for the client?

    Aruba-mPSK-Passphrase seems to be the VSA name.

    https://github.com/FreeRADIUS/freeradius-server/blob/master/share/dictionary/radius/dictionary.aruba

    has it.

     

    Christian

     



  • 4.  RE: MPSK without Clearpass

    EMPLOYEE
    Posted Sep 04, 2019 11:29 AM

    CPPM is required to support Aruba MPSK.



  • 5.  RE: MPSK without Clearpass

    Posted Sep 04, 2019 11:32 AM

    May I ask why?

     

    Couldn´t I setup freeRadius in a way that it will send back the mPSK on a per device/group basis?

     

    Controller will do a MAC auth against freeRadius and freeRadius can add the VSA when it is set back to the controller?

     



  • 6.  RE: MPSK without Clearpass

    Posted Sep 09, 2019 05:37 AM

    I would also like to know why I am not allowed to use a different Auth-Server for this.

    It seems I cant't configure MPSK with a FreeRADIUS Server, it simply recieves no requests when configuring it as a MPSK Auth-Server.



  • 7.  RE: MPSK without Clearpass

    Posted Sep 09, 2019 07:17 AM

    OK, we now got FreeRadius talking to our controllers. We are setting the correct "Aruba-MPSK-Passphrase" VSA, but the controllers are still complaining that it is missing ("Aruba-MPSK-Passphrase VSA not received for MPSK user - MAC cc:2f:xx:xx:xx").



  • 8.  RE: MPSK without Clearpass
    Best Answer

    Posted Sep 09, 2019 08:04 AM

    OK, i found out how the VSA has to be used to get MPSK working without CPPM. I will write up how to do this in a blog post in a few days.



  • 9.  RE: MPSK without Clearpass

    EMPLOYEE
    Posted Sep 09, 2019 08:11 AM
    While this may work, it is not TAC supported.


  • 10.  RE: MPSK without Clearpass

    Posted Apr 13, 2021 11:36 AM

    Hi,

    May I please know how could you set up the MPSK without the CPPM?

    Many thanks,

    Ed



    ------------------------------
    Edward Zeng
    ------------------------------

    Original Message


  • 11.  RE: MPSK without Clearpass

    EMPLOYEE
    Posted Apr 14, 2021 09:24 AM
    https://www.arubanetworks.com/techdocs/Instant_87_WebHelp/Content/instant-ug/wlan-ssid-conf/conf-secur-sett.htm#Local

    You need to be on Instant 8.7 or up for Local MPSK.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------

    Original Message


  • 12.  RE: MPSK without Clearpass

    Posted Aug 28, 2022 11:59 AM
    Did you ever write the blogpost? If so, can you send a link?

    ------------------------------
    Nathan K
    ------------------------------

    Original Message