Wireless Access

Reply
Occasional Contributor II

Should MPSK be its own SSID?

With Aruba role-based access there should never be more than 3 SSIDs, one for each authentication type:

1. Enterprise (802.1x)

2. Personal (passphrase\password)

3. Open (Open)

Seeing that WPA3 is backward compatible, the model should be the same going forward. Then you throw in MPSK...

 

So the questions,

If we intend to use MPSK for devices that don't support enterprise authentication should we create a new SSID and run the 1:1 PSK model? 

OR use an existing SSID with WPA2-PSK and have the current passphrase as the default?

 

If we use the existing SSID will we be able to migrate that network to WPA3-SAE in the future?

 

 

Highlighted
Guru Elite

Re: Should MPSK be its own SSID?

MPSK and WPA3-SAE are mutually exclusive.

As of right now, it’s recommended to have a single WPA2-Personal SSID. You can use the original PSK as the default.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Should MPSK be its own SSID?

In your opinion, will MPSK ultimately be replaced by DPP in the far off future?

 

I have heard of using "password identifiers" for WPA3-SAE. Will this allow dynamic passwords?

 

I just don't like the idea of a never changing password used across the company and that people may remember it when they leave. 

Guru Elite

Re: Should MPSK be its own SSID?

DPP would not replace an authentication method. SAE with password ID would eventually replace MPSK.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: