Differences
This shows you the differences between two versions of the page.
blog:aruba-mpsk-freeradius [2020/03/01 12:21] v0tti [Some Notes] |
blog:aruba-mpsk-freeradius [2024/02/08 10:31] (current) v0tti |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== Using Aruba MPSK with FreeRADIUS ====== | ====== Using Aruba MPSK with FreeRADIUS ====== | ||
- | A few months ago Aruba introduced the MPSK authentication feature for their WiFi systems. With MPSK it is possible to have a PSK protected SSID but with a per device/MAC password. Unfortunately it is only officially supported to work with the Clearpass Policy Manager from Aruba. However, we could figure | + | A few months ago Aruba introduced the MPSK authentication feature for their WiFi systems. With MPSK it is possible to have a PSK protected SSID but with a per device/MAC password. Unfortunately it is only officially supported to work with the Clearpass Policy Manager from Aruba. However, we figured |
==== Configure the SSID ==== | ==== Configure the SSID ==== | ||
- | From the WebUI, create a new SSID with MPSK authentication. It is not possible to select an existing RADIUS server, just create a new dummy server. Now, edit the SSID profile and now change the dummy server to your (previously configured) FreeRADIUS server | + | From the WebUI, create a new SSID with MPSK authentication. It is not possible to select an existing RADIUS server, just create a new dummy server. Now, edit the SSID profile and now change the dummy server to your (previously configured) FreeRADIUS server. |
==== Configure the FreeRADIUS Server ==== | ==== Configure the FreeRADIUS Server ==== | ||
- | When a client connects the controller will send a RADIUS request to the server. In the response you have to include the vendor-specific attribute '' | + | When a client connects the controller will send a RADIUS request to the server. In the response you have to include the vendor-specific attribute '' |
If you operate a proxying RADIUS, like we do, your config could look like this: | If you operate a proxying RADIUS, like we do, your config could look like this: | ||
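Review bot: in the "Configure the SSID" paragraph the new revision still reads "Now, edit the SSID profile and now change the dummy server", with "now" twice, and "just create a new dummy server" is attached to the previous clause with a comma splice. Suggest splitting it: "It is not possible to select an existing RADIUS server, so create a new dummy server. Then edit the SSID profile and change the dummy server to your (previously configured) FreeRADIUS server." The same pass could add the missing comma after "When a client connects" in the FreeRADIUS paragraph.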
Line 23: | Line 23: | ||
==== Some Notes ==== | ==== Some Notes ==== | ||
Using MPSK without Clearpass is not officially supported and TAC probably won't help if any problem occurs. The controller will cache the password for a period of time (seems to be a couple of hours). | Using MPSK without Clearpass is not officially supported and TAC probably won't help if any problem occurs. The controller will cache the password for a period of time (seems to be a couple of hours). | ||
+ | |||
+ | Most of the work explained here was done by [[https:// | ||
---- | ---- |
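Review bot: the "Some Notes" paragraph that this revision extends says the controller caches the password "for a period of time (seems to be a couple of hours)" but does not spell out what that means for operators. Since the section is being touched anyway, consider adding a sentence that a per-device password changed or removed on the FreeRADIUS side may keep working on the controller until the cached entry expires, so readers do not assume a RADIUS-side change takes effect immediately.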