Mist MPSK – Part 2

In my previous post and part 1 of Mist MPSK, I talked about the configuration of MPSK using the Mist Dashboard. I want to do a deep dive into the connectivity phase of this solution and see how it looks. Here is my basic network setup. First I will connect using the first passphrase and then the second one.

  • SSID: iot_stuff
  • VLAN20 – 192.168.20.0/24 – PSK = passPhrase1
  • VLAN30 – 192.168.30.0/24 – PSK = passPhrase2

VLAN20 – 192.168.20.0/24 – PSK = passPhrase1:

It is a simple process, but I wanted to look and see what is happening in the background during the connectivity phase. Plus, captures are fun. After I connected to the SSID “iot_stuff” using the first PSK, “passPhrase1”, I received an IP from VLAN20 as expected.

Mist MPSK – VLAN20

Let’s do some captures on the Juniper EX2300-C switch to see what is happening in there. NOTE: Juniper switches support “tcpdump” from the shell prompt. But you can also run captures from the “CLI” prompt, which is an excellent feature, especially if you are trying to troubleshoot something or just like looking at logs and pcaps in your spare time (yes, I absolutely do).

The command to run captures is “monitor traffic interface interface-name”. There are further sub-options as well.

Juniper – Monitor Traffic

The first step was finding out which interface I want to capture. I can look this information up in the Mist Dashboard easily under Access Points or just run the “show lldp ne” command in the switch “CLI”. I decided to utilize the “layer2-headers” sub-option to get some L2-related information. Did I mention how awesome this feature is, among other Juniper CLI features? It really is.

Mist MPSK – VLAN20

From the capture above I can see the DHCP Discover from my iPhone. And next I see a DHCP Offer from the switch on VLAN20.

Next I will try to connect using the second passphrase.

VLAN30 – 192.168.30.0/24 – PSK = passPhrase2:

I restarted the monitor on “ge-0/0/9” interface so that I can connect using the second passphrase.

Mist MPSK – VLAN30

Using the second passphrase, my iPhone received an IP address from VLAN30 as expected. The image below shows the capture from the switch: a DHCP Discover from my iPhone and then a DHCP Offer from VLAN30 this time instead of VLAN20.

Mist MPSK – VLAN30
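
To make the same check on exported frames instead of reading the capture by eye, this added example (not part of the original post) parses 802.1Q-tagged DHCP frames and reports any whose VLAN tag differs from the VLAN mapped to the passphrase in use. It assumes frames on the AP uplink carry a VLAN tag; the function names and the sample frames are constructed for illustration.

```python
import struct

# Lab mapping from the post: PSK name -> VLAN ID the client should land in.
EXPECTED_VLAN = {"passPhrase1": 20, "passPhrase2": 30}
DHCP_TYPES = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}

def parse_dhcp_frame(frame):
    """Return (vlan_id, dhcp_type) for an 802.1Q-tagged DHCP frame, else None."""
    if len(frame) < 38 or frame[12:14] != b"\x81\x00" or frame[16:18] != b"\x08\x00":
        return None  # truncated, untagged, or not IPv4
    vlan = struct.unpack("!H", frame[14:16])[0] & 0x0FFF  # low 12 bits of the TCI
    ip = frame[18:]
    if ip[9] != 17:  # IP protocol 17 = UDP
        return None
    udp = ip[(ip[0] & 0x0F) * 4:]  # skip the IP header (IHL counts 32-bit words)
    if len(udp) < 8 or set(struct.unpack("!HH", udp[:4])) != {67, 68}:
        return None  # not a client/server DHCP exchange
    bootp = udp[8:]
    if bootp[236:240] != b"\x63\x82\x53\x63":  # DHCP magic cookie
        return None
    opts, i = bootp[240:], 0
    while i + 1 < len(opts) and opts[i] != 255:  # 255 = end option
        if opts[i] == 0:  # pad option has no length byte
            i += 1
            continue
        code, length = opts[i], opts[i + 1]
        if code == 53 and length == 1 and i + 2 < len(opts):  # 53 = message type
            return vlan, DHCP_TYPES.get(opts[i + 2], "type %d" % opts[i + 2])
        i += 2 + length
    return None

def build_frame(vlan, msg_type, sport, dport):
    """Build a constructed sample frame (not taken from the post's capture)."""
    bootp = bytes(236) + b"\x63\x82\x53\x63" + bytes([53, 1, msg_type, 255])
    udp = struct.pack("!HHHH", sport, dport, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    eth = b"\xff" * 6 + bytes.fromhex("020000000001")  # broadcast dst, made-up src
    return eth + struct.pack("!HHH", 0x8100, vlan, 0x0800) + ip

def vlan_mismatches(psk_name, frames):
    """Return (vlan, dhcp_type) for DHCP frames outside the VLAN mapped to the PSK."""
    want = EXPECTED_VLAN[psk_name]
    seen = [p for p in map(parse_dhcp_frame, frames) if p]
    return [(vlan, kind) for vlan, kind in seen if vlan != want]

if __name__ == "__main__":
    capture = [build_frame(20, 1, 68, 67), build_frame(20, 2, 67, 68)]
    print(vlan_mismatches("passPhrase1", capture), vlan_mismatches("passPhrase2", capture))
```

An empty list means every DHCP frame seen was tagged with the VLAN expected for that passphrase; any entry is a frame that landed in a different segment.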

The Mist MPSK feature is very simple and easy to implement. Additionally, the Juniper CLI is so much easier to understand once you start working with it. It offers some excellent features that many network engineers can appreciate. It’s a whole new amazing world.

In part three of this series, I want to explore some APIs and how I can leverage them for Mist MPSK. I am always open to feedback if I have missed something or if there is anything I can do to improve. Thank you for reading.

2 thoughts on “Mist MPSK – Part 2”

  1. Thanks for the post. I also heard Mist is charging another subscription for more advanced PSK lifecycle management, but there’s nothing I could find on this.