Users Guide

ManualsBrandsDell ManualsAccess PlatformsW-651

451

452

453

454

455

456

457

458

459

460

454 | Adding Local Controllers Dell PowerConnect W-Series ArubaOS 6.1 | User Guide

encryption. For details and requirements for Suite-B encryption, see “Configuring an SSID for Suite-B

cryptography” on page152.

Configuring a Preshared Key

Leaving the PSK set to the default value exposes the IPSec channel to serious risk, therefore you should always

configure a unique PSK for each controller pair.

Sharing the same PSK between more than two controllers increases the likelihood of compromise. If one

controller is compromised, all controllers are compromised. Therefore, best security practices include configuring

a unique PSK for each controller pair

Weak keys are susceptible to offline dictionary attacks, meaning that a hostile eavesdropper can capture a few

packets during connection setup and derive the PSK, thus compromising the connection. Therefore the PSK

selection process should be the same process as selecting a strong passphrase:

 the PSK should be at least ten characters in length

 the PSK should not be a dictionary word

 the PSK should combine characters from at least three of the following four groups:

 lowercase characters

 uppercase characters

 numbers

 punctuation or special characters, such as ~‘@#$%^&*()_-+=\|//.[]{}

The following sections describe how to configure a PSK using the WebUI or CLI.

Using the WebUI to configure a Local Controller PSK

1. Navigate to the Configuration > Network > Controller > System Settings page.

2. The procedure to configure a local PSK varies, depending upon whether it is configured using a local

controller or a master controller.

 On a local controller, enter the IPSec key in the IPSec Key (IKE PSK) and Retype IPSec Key (IKE PSK)

fields.

 On a master controller, click New under Local Controller IPSec Keys. then enter the local controller IP

address and then enter and retype the IPSec key. Click Add.

3. Click Apply.

Using the WebUI to configure a Master Controller PSK

Use the procedure below to configures the IP address and preshared key for the master controller.

1. Navigate to the Configuration > Network > Controller > System Settings page.

2. In the IPSEC Key (IKE PSK) field, enter the IPSec key. Reenter this key in the Retype IPSEC Key (IKE

PSK) field.

3. (Optional) In the FQDN field, enter a fully qualified domain name used in IKE.

4. (Optional) Click the Source IP address field and select the VLAN ID of Vlan interface to initiate IKE. The

controller IP address will be used if the VLAN is not specified.

5. Click Apply.

CAUTION: Do not use the default global PSK on a master or stand-alone controller. If you have a multi-controller network then

configure the local controllers to match the new IPSec PSK key on the master controller.