Contributor II

Unique pre-shared key for each device

Hello,

 

I stumbled upon a document from Aerohive where they advertise something called "Private Pre-Shared Keys".

 

Basically, you can have a pre-shared key per device to circumvent the problem of a compromised PSK in an enterprise environment.

 

I don't know how well the Aerohive solution works, but something like that would be ideal for our network here as well.

 

We are using 7210 controllers running ArubaOS 6.2.0.2 and 135 series access points.

 

Does anyone know if this can be implemented on ArubaOS?

 

cheers,

Harald

Frequent Contributor I

Re: Unique pre-shared key for each device

No, Aruba does not support Per-User PSK (aka Dynamic PSK, Private PSK). So far as I know only Aerohive and Ruckus have this capability.

 

 

New Contributor

Re: Unique pre-shared key for each device

We have a similar requirement - especially for IoS devices and student games consoles. We don't want them all sharing the same PSK if we can help it and these things don't support 802.1X.

 

The only way I have thought to do it in ClearPass (we are a Cisco wireless, Aruba RADIUS house) is to use MAC Auth on the SSID and get users to register somehow. Not ideal, but something that is theoretically possible.

 

It would be great if ClearPass could generate a per-user PSK; the Aerohive solution looks really interesting.

New Contributor

Re: Unique pre-shared key for each device

I am also interested to know if this feature is available or being looked at on Aruba controllers. Any update?

 

Cisco has a concept known as Identity PSK, which allows unique PSKs for individuals or groups of users. This is available on v8.5 WLC code and uses Cisco ISE to provide the cisco-avp information back to the controller. I see no reason why this would not work with ClearPass as the back AuthC server.

 

Kind regards,

 

Ian

Guru Elite

Re: Unique pre-shared key for each device

ClearPass device registration and Cisco iPSK work great together and has more functionality than Cisco ISE.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

New Contributor

Re: Unique pre-shared key for each device

Can you point at the Cisco PSK feature? Unfortunately we are stuck on 8.3 for a while until we can replace some of our APs, but it would be an excellent additional incentive to upgrade.

Contributor II

Re: Unique pre-shared key for each device

ClearPass / AirGroup could be your solution.

Guru Elite

Re: Unique pre-shared key for each device

Sorry, not understanding what you're asking.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

New Contributor

Re: Unique pre-shared key for each device

To cczdcw, sorry for the delay in replying. Not sure if I should be posting Cisco links on here, but if you do a Google search for 'cisco ipsk' the top entry is a good write-up (8.5 Identity PSK Feature Deployment Guide) and there is a video further down.

 

Good luck.
