aruba networks

CTS 139: Aruba Networks Demos OWE at MFD3

Understanding OWE operation from the Aruba Networks demo presented at MFD3.

Aruba Networks Demos OWE

Opportunistic Wireless Encryption (OWE) is a security improvement coming to open SSIDs. It’s aimed at securing the insecure. We see it everywhere. A Wi-Fi network completely open for clients to join. It’s unencrypted traffic between clients and the AP.

OWE was demoed by Aruba Networks at Mobility Field Day 3 (MFD3) and I was able to capture the frames during the demo. Aruba needed to build a custom supplicant using Ubuntu in order for this demo to work since there are no working clients supporting OWE yet.

There was an AP broadcasting an SSID, MFD-OWE, in OWE Transition Mode.

Aruba Networks OWE Demo from MFD3

OWE Transition Mode SSID

An SSID in OWE Transition Mode will utilize 2 BSSIDs. One for the Open SSID, for clients that do not support OWE, and another BSSID for the OWE-capable SSID. That’s something to keep in mind for OWE Transition Mode.

When most clients support OWE, an SSID strictly supporting OWE can be configured.

In the demo, Aruba Networks created a custom supplicant within Ubuntu since there are no OWE capable clients available. In a Probe Response to the client, there will be an Information Element containing the BSSID and SSID for an OWE-capable client to send a Probe Request to.

OWE Information Element from a Probe Response frame.

OWE Information Element inside the Probe Response

The client sends a Probe Request frame to the OWE SSID, which is a hidden SSID.

Within the Association Request frame, the client will include an RSN Information Element. Within that RSNIE there will be the MFP requirement needed in OWE.

After association a 4-way handshake will follow and when complete, transmissions will be encrypted.

Frame exchange for OWE supported SSID and client.

Frames exchanged to joining an OWE-enabled SSID.

Information you’ll need for the pcap file:

BSSID of MFD-OWE: 20:a6:cd:60:00:b0

OWE SSID: _owetm_MFD-OWE2340208851
BSSID: 20:a6:cd:60:00:b1

Client MAC: 9c:b6:d0:d7:ce:dd

Links and Resources

CTS 051: Aruba Networks at Mobility Field Day Live

Aruba Networks, a Hewlett Packard Enterprise Company, hosts Mobility Field Day Live at their EBC in Sunnyvale to talk about their Mobile First Platform announcement of Aruba OS 8.

On September 12th, 2016 Aruba Networks introduced their Mobile First Platform. A platform in which improves upon mobile users’ wireless experience. They’ve really put a lot into developing Aruba OS 8 with extensions to an ecosystem of partners.

Aruba Networks went into great detail of the features being implemented with Aruba OS 8, their new operating system.

Campus WLAN Foundation

Aruba Networks has implemented features customers have been asking for. Features that make it simpler to manage large scale networks.

Introducing the Mobility Master which can be deployed as a VM or a physical appliance. With the flexibility of a VM, engineers can utilize existing infrastructure and if needed, add more CPU, memory, and storage without running into appliance limitations.

A favorite feature of mine with Aruba OS 8 is the ability to terminate different SSIDs on the same AP to different controllers. A lot of flexibility and security using this method. Definitely eliminating restrictions on traditional WLANs.

Going into operations, Aruba Networks introduces zero touch provisioning of new controllers. Controllers can find the mobility master, making it easier on operations.

With the mobility master, it can manage different versions of firmware as long as it is running the latest version. But because the mobility master is not in the data path you won’t see the network go down during an upgrade. With the ability to manage different versions of firmware, you’re allowed to test the latest version on one controller rather than deploying it to all controllers at the same time.


For those requiring multi-tenancy, this feature is a huge benefit. The traditional model had access points terminating at a single controller. In Aruba OS 8, different WLANs on the same AP can terminate to different controllers. You now have complete security separation between WLANs and a benefit of not having to install multiple APs for security purposes. This removes the headaches of management and cleans up the RF environment. Read More

CTS 004: You Know Your Wi-Fi Sucks When It’s on Bad-Fi

In this podcast we have our first interview ever on the show, Eddie Forero. He’s the CEO of CommunicaONE, a VAR which designs and implements wireless networks.

I first met Eddie on Twitter where he shares his experiences and expertise about Wi-Fi.

We talk about a couple of topics such as mistakes being made in wireless deployments, how to get started in wireless, and resources used.

Avoiding Wi-Fi Mistakes with Eddie ForeroIn This Episode

  • Bad wireless installations
  • Deployment mistakes
  • How to get started in wireless

Links and Resources Mentioned

Thanks For Listening!

Thanks again for listening to today’s episode. Let us know what you think in the comments below and be sure to share this episode on Twitter, Facebook, and LinkedIn.

I would really appreciate it if you subscribed to Clear To Send on iTunes. Give a rating and review. Any feedback is greatly appreciated!