Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Error when configuring wpa-psk-tkip

  • 1.  Error when configuring wpa-psk-tkip

    Posted Dec 30, 2014 10:44 AM

    Hi,

     

    I use Aruba Mobility Controller 3600, with AP-135

     

    I am trying to create an SSID with wpa-psk-tkip encryption, but when I enter it, it throws an error:

     

    (Aruba3600) (SSID Profile "ssidprofile") #wpa-passphrase 123456789

    (Aruba3600) (SSID Profile "ssidprofile") #opmode wpa-psk-tkip
    Error: dot1x profile needs to be enabled in aaa profile "default" to support opmode "wpa-psk-tkip" configured in ssid profile "ssidprofile"

     

    Looks like some more profiles need to be created. Can someone please give an example of the commands?

     

    Thanks in advance.

    --uv.


    #3600


  • 2.  RE: Error when configuring wpa-psk-tkip
    Best Answer

    EMPLOYEE
    Posted Dec 30, 2014 10:48 AM

    Within the VAP that contains your SSID profile "ssidprofile", is a AAA profile (in your case "default"). That AAA profile has a dot1x-profile inside it. That needs to be configured to support PSK. Just make sure you don't have any other VAPs using the same AAA profile, and if not (if 'ssidprofile' is your only SSID), then you can change the dot1x profile to 'default-psk'.



  • 3.  RE: Error when configuring wpa-psk-tkip
    Best Answer

    EMPLOYEE
    Posted Dec 30, 2014 10:48 AM

    Create a new AAA profile for that SSID and use default-psk for 802.1X authentication. Then link that AAA profile to the virtual-AP.



  • 4.  RE: Error when configuring wpa-psk-tkip

    Posted Dec 30, 2014 11:48 AM

    Thanks cappali, jhoward for the solution.



  • 5.  RE: Error when configuring wpa-psk-tkip

    Posted Dec 30, 2014 12:57 PM
    Do understand that using TKIP encryption lowers your available data rates, making N speeds not possible. If pre-shared keys are desired, you should be using WPA2-PSK with CCMP Cipher (AES).
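
The steps from replies 2, 3 and 5 written out as ArubaOS CLI configuration, as an added example that is not part of any post in this thread. The names "psk-aaa" and "psk-vap" are hypothetical, `<passphrase>` is a placeholder for an 8 to 63 character WPA passphrase, and lines starting with `!` are annotations for the reader.

```text
! Added example, not from the thread.
! "psk-aaa" and "psk-vap" are hypothetical names; "ssidprofile" and
! "default-psk" are the names used in the posts above.

! 1. Dedicated AAA profile whose 802.1X profile supports PSK,
!    so the shared "default" AAA profile stays untouched.
aaa profile "psk-aaa"
    authentication-dot1x "default-psk"
!
! 2. Link that AAA profile and the SSID profile in the virtual AP.
wlan virtual-ap "psk-vap"
    aaa-profile "psk-aaa"
    ssid-profile "ssidprofile"
!
! 3. Set the opmode once the AAA profile supports PSK.
wlan ssid-profile "ssidprofile"
    ! Weak setting from the original question:
    !   opmode wpa-psk-tkip
    ! Setting recommended in reply 5 (WPA2-PSK with AES/CCMP):
    opmode wpa2-psk-aes
    wpa-passphrase <passphrase>
!
! 4. Check what was applied.
show aaa profile "psk-aaa"
show wlan virtual-ap "psk-vap"
show wlan ssid-profile "ssidprofile"
```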


  • 6.  RE: Error when configuring wpa-psk-tkip

    Posted Sep 10, 2016 09:03 AM

    I'd like to share my finding and hope that someone could figure out why it happens as it does.

     

    I also had troubles enabling TKIP on an SSID.

     

    1> When creating an SSID with the wizard with WPA/TKIP auth/encryption:

    TKIP1.png

    An error message is displayed on the GUI when quitting the SSID config page:

    TKIP2.png

     

    Also note the absence of an encryption selection:

    TKIP4.png

    This is due to the fact that the wizard selects TKIP only, and that is not a valid encryption combination.

    To find out what are valid combinations, see this post:

    What-are-the-valid-opmode-combinations

     

    To solve this error message, simply select an extra encryption on the 'Advanced' tab to obtain a valid pair (i.e. wpa2-psk-aes)

    TKIP3.png

    Now there will be a valid 'mixed encryption mode' and no more error messages:

    TKIP5.png

     

    2> If you want to add TKIP to an existing SSID with i.e. WPA2-PSK, it matters how you do it.

    TKIP6.png

    If you try to select mixed mode and a valid combination, there will be an error message:

    TKIP7.png

    To prevent this I found that the correct extra encryption type had to be selected from the 'Advanced' tab:

    TKIP8.png

    After applying this, there is no error and a valid mixed mode is selected on the 'Basic' tab:

    TKIP9.png

     

    Rgds

    Peter

     



  • 7.  RE: Error when configuring wpa-psk-tkip

    EMPLOYEE
    Posted Sep 10, 2016 03:57 PM

    Due to TKIP's insecurity, it is not allowed to be configured by itself on an SSID since March 30, 2012 on IAPs.