Aruba - Unbound MPSK
Last updated
Was this helpful?
Last updated
Was this helpful?
This is a Beta feature only for partners and customer with access to the Beta Program.
Requires AP with Firmware AOS 10.4.x or above
Traditional RADIUS-based iPSK relies on MAC authentication, requiring each device to be pre-onboarded individually to collect its MAC address. While onboarding through a captive portal can simplify the process for non-headless devices, it still requires manually collecting and adding the MAC addresses of headless devices (such as smart TVs, printers, smartwatches, etc.), which can be challenging. Additionally, the MAC addresses of many personal devices may change over time due to the aggressive MAC randomization and rotation policies in modern operating systems.
Aruba Central Unbound MPSK is a new solution that leverages RADIUS authentication while overcoming the limitations of traditional MAC-based authentication. The RADIUS platform performs a user lookup by analyzing the EAPOL parameters included in the RADIUS request to identify potential user matches.
Each Location in Cusna is associated to a WLAN in the Aruba Central dashboard.
Setup a Group for your project, configuring it with ArubaOS 10 architecture
Select the Config wheel to start configuring the Group
Under Security Tab add the Radius Authentication Server: Enter a Name, such as CusnaRADIUS IP Address: <will be provided by Cloud4Wi> Secret: <will be provided by Cloud4Wi> Auth Por: 1812 Accounting Port: 1813
Next, select the WLAN tab and then the Plus sign next to add SSID
There are many parameters that can be customized. For now, we will create a simple WLAN network. Type in a SSID name (ESSID) and click Next
On the next scree, select Static on Client VLAN Assignment, enter a VLAN and click Next
In the Security tab, under Key Management, select MPSK-AES and then pull down on the Primary Server setting to select the Radius Server you configured above
Expand the Advanced Settings and go down and disable 802.11r
Click Next two more times and your WLAN SSID with MPSK AES should be complete.
To connect Cusna to your Aruba Central account, you need to generate an API Key in your Aruba Central account:
At the Global level, select Organization and then Platform Integration
In the first tab, make sure to take not of the API hostname for your account, such as "apigw-uswest5.central.arubanetworks.com" (take only the hostname, without "https://")
Choose My Apps and Tokens tab. Create a Token.
Copy the Client ID and Client Secret.
Then, in the Token List table, click Download Token and Copy the Access token and Refresh Token (It is good for 2 hours)
Once the key is generated, complete the integration in the Cusna dashboard:
Log in to your Cusna account and click Setting.
Expand the WiFi setup card, select Aruba Central
Enable the toggle Easy PSK via RADIUS
Enter :
your API GW URL
client ID
client Secret
Unbound MPSK mode cannot be enabled manually on Aruba Central.
When you connect a Cusna Network with a WLAN and SSID, Cusna programmatically enables the Unbound MPSK mode on the SSID via APIs.
If you make a change to the SSID on the Central dashboard, it will lose the Unbound MPSK support.
To re-enable it, go to Cusna dashboard, Setup > Integration and click Edit on the Aruba integration card. Click Enable Unbound MPSK on SSID.
Chose REST API
Click Authorize. The Authorize integration dialog appears. Enter your Access Token and Refresh Token and click Authorize.
On the next dialog select your Group and SSID and click Setup.
