Security

Reply
Highlighted
Contributor II

MPSK without Clearpass

Hi,

is there any way to get MPSK working without Clearpass? We are working with FreeRADIUS (where we can configure custom attributes) and do not plan to use Clearpass in the future.


Accepted Solutions
Highlighted
MVP

Re: MPSK without Clearpass

No, Clearpass is a requirement for Aruba MPSK.

View solution in original post

Highlighted
Contributor II

Re: MPSK without Clearpass

OK, i found out how the VSA has to be used to get MPSK working without CPPM. I will write up how to do this in a blog post in a few days.

View solution in original post


All Replies
Highlighted
MVP

Re: MPSK without Clearpass

No, Clearpass is a requirement for Aruba MPSK.

View solution in original post

Highlighted
Occasional Contributor II

Re: MPSK without Clearpass

Really?

 

Isn´t MPSK on the Radius side not much more than sending a VSA to the controller that has the PSK for the client?

Aruba-mPSK-Passphrase seems to be the VSA name.

https://github.com/FreeRADIUS/freeradius-server/blob/master/share/dictionary/radius/dictionary.aruba

has it.

 

Christian

 

Highlighted
Moderator

Re: MPSK without Clearpass

CPPM is required to support Aruba MPSK.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor II

Re: MPSK without Clearpass

May I ask why?

 

Couldn´t I setup freeRadius in a way that it will send back the mPSK on a per device/group basis?

 

Controller will do a MAC auth against freeRadius and freeRadius can add the VSA when it is set back to the controller?

 

Highlighted
Contributor II

Re: MPSK without Clearpass

I would also like to know why I am not allowed to use a different Auth-Server for this.

It seems I cant't configure MPSK with a FreeRADIUS Server, it simply recieves no requests when configuring it as a MPSK Auth-Server.

Highlighted
Contributor II

Re: MPSK without Clearpass

OK, we now got FreeRadius talking to our controllers. We are setting the correct "Aruba-MPSK-Passphrase" VSA, but the controllers are still complaining that it is missing ("Aruba-MPSK-Passphrase VSA not received for MPSK user - MAC cc:2f:xx:xx:xx").

Highlighted
Contributor II

Re: MPSK without Clearpass

OK, i found out how the VSA has to be used to get MPSK working without CPPM. I will write up how to do this in a blog post in a few days.

View solution in original post

Highlighted
Moderator

Re: MPSK without Clearpass

While this may work, it is not TAC supported.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: