Security

This community is currently in a read-only state due to a maintenance window. For more info click here
Reply
Highlighted
Occasional Contributor I

Re: Setting up MPSK for headless/IoT devices

Well, that was easy. Thank You Cappalli

Highlighted
New Contributor

Re: Setting up MPSK for headless/IoT devices

Take a look at this link. https://community.arubanetworks.com/t5/Security/ClearPass-MPSK-Form-Options/m-p/526335#M42588

I recommend importing , even if its just 1 device , you have more options. See the import template we put together
Highlighted
New Contributor

Re: Setting up MPSK for headless/IoT devices

In the Cisco world, you can limit the SSID to a specific location using "ap-groups", not sure how that is done in Aruba. Secondly, you can put a rule in the service where connection requests from a specific controller(s) are accepted.

Highlighted

Re: Setting up MPSK for headless/IoT devices

We do it in a similar way Tariq. I will call you to discuss further.

Highlighted
MVP Expert

Re: Setting up MPSK for headless/IoT devices

Setting this up in the Lab today with all of my Home IoT devices :-)

Sean Rynearson
Smart Spaces TME
Phone: 706.972.1520
Twitter: @srynearson
Airheads: @srynearson
Highlighted
MVP Expert

Re: Setting up MPSK for headless/IoT devices

How can I mass import? lol Got it

Sean Rynearson
Smart Spaces TME
Phone: 706.972.1520
Twitter: @srynearson
Airheads: @srynearson
Highlighted
New Contributor

Re: Setting up MPSK for headless/IoT devices

Cool you got it , if you have any question I can try to help.

 

Not sure if its a smart thing to do , but I am using this instead of 802.11x . For Macs 802.11x auth sucks, (BT and WiFi are on the same chip and it has caused many problems) I didnt want my users to suffer. MPSK is much easier for me, Everyone has their own password, and they can't share it , well they could it just wouldnt work on other device. One thing to be aware of, if a user is using iCloud Keychain, WiFi passwords are shared throughout all their devices. To solve this just usethe same MPSK Password , for all devices for that particular user. I for instance I used same MPSK password when registering, my apple watch,homepod,macbook,imac,appletv,ipad,iphone etc .... so just becareful.

Highlighted
Moderator

Re: Setting up MPSK for headless/IoT devices

Please be aware that this was only designed for headless devices. Alternative workflows may not be officially supported.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
MVP Expert
MVP Expert

Re: Setting up MPSK for headless/IoT devices

Hi,

 

My SMTP server working fine but have some issues with autofill the email field in the mac_create form.

 

I send the attribute "mail" in my enforcement profile. I can see my emailadres send correctly in the request output as attribute "Application:mail".

 

In the guest application there is a translation rule to bind the attribute value "mail" on the operator field "email".

 

In the Form field the email attribute is not autofilled.

 

I make some mistake or misunderstanding somewhere, but after some hours i give up, grrr. Some help should be welcome :). See attachments Screen Shot 2019-09-27 at 15.35.23.pngScreen Shot 2019-09-27 at 15.36.36.pngScreen Shot 2019-09-27 at 15.36.00.png

 

 

Kind Regards Marcel Koedijk
HPE ASE Flexnetwork | ACMP | ACCP | Ekahau ECSE Design - Was this post usefull, Kudos are welcome.
Highlighted
All-Decade MVP 2020

Re: Setting up MPSK for headless/IoT devices

I found an issue in 8.6.0.4

 

When you create a new SSID using the wizard and choose MPSK and select your clearpass server, it creates a new AAA profile for the MPSK SSID, however the Mac auth server for that AAA profile is default, not ClearPass. Therefor no authentications came to ClearPass.

 

Going into the AAA profile settings you can set the correct MAC Auth server group and this makes it all work

 

Thanks to OP for the guide!

-------------------
ACDX, ACCP, CISSP, CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: