Monday, January 5, 2015

Are you using PSK on @hp_networking unified wireless? #uww #wlan

If the answer is yes and you have more than 4000 devices... my first question why the heck are you not using 802.11x????    ugh...PSK!

Well..ok...i'm be a hater... maybe a little...

If you are, you might be running into a built in limitation on the PSK services on a unified wireless controller.  Its pretty easy to work around, you just need to turn on a dummy mac authenticaiton and you can blast past the 4096 limit. Here's a quick example (note... not my config, stolen from someone else)

interface WLAN-ESS5 
port link-type hybrid 
port hybrid vlan 1 untagged 
mac-vlan enable 
port-security port-mode mac-and-psk 
port-security tx-key-type 11key 
port-security preshared-key 
pass-phrase cipher $c$3$7k97WmbO3E0yA0jT4YQy6xP69Sq
mac-authentication domain isp
wlan service-template 5 
crypto ssid aaa 
bind WLAN-ESS 5 
cipher-suite ccmp 
security-ie rsn 
service-template enable 
domain isp
authentication lan-access none 
authorization lan-access none 
accounting lan-access none 
access-limit disable 
state active idle-cut disable 

self-service-url disable

Adding the following underlined is the fix.