Device Provisioning Protocol

Device Provisioning Protocol (DPP Device Provisioning Protocol. DPP is a provisioning protocol certified by the Wi-Fi Alliance that allows onboarding IoT devices easily, securely, and on a large scale.) is a Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. alliance initiative that allows onboarding IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. devices easily, securely, and on a large scale.

DPP Network Access

The DPP connectors-based network access can be configured as a new key management option. Configure the DPP network access at the security level when using the create a new network wizard. Cloud authentication is automatically set as the authentication server.

The following key management options are available for DPP connectors-based network access:

• Use DPP only key management when using personal security level.

  DPP does not define AKM for 11r. For an SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. with DPP only key management, do not enable 11r.

• Use DPP + WPA2 Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. dot1x key management when using WPA2 dot1x key management and enable DPP AKM in the SSID.
• Use DPP + WPA2 PSK Pre-shared key. A unique shared secret that was previously shared between two parties by using a secure channel. This is used with WPA security, which requires the owner of a network to provide a passphrase to users for network access.  key management when using WPA2 PSK key management and enable DPP AKM in the SSID.

WLAN Monitoring

When a wireless client accesses network uses DPP, the Key Management column in the Clients monitoring page displays DPP.

Enabling DPP in WLAN SSID Profile

To enable DPP in a WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID profile, complete the following procedure:

1. In the Aruba Central app, set the filter to a group.
2. Under Manage, click Devices > Access Points.
3. Click the Config icon.
4. In the WLANs tab, click Add SSID.
5. Configure the parameters in the General tab. For more information, see Creating a Wireless Network Profile
6. Click Next.
7. Configure the parameters in the VLANs tab. For more information, see Configuring VLAN Settings for Wireless Network

   DPP is not available when the traffic forwarding mode is set to tunnel.

8. Click Next.
9. Configure the parameters in the Security tab. For more information, see Configuring Security Settings for Wireless Network. When Security Level is set to Enterprise and Key Management is set to WPA2-Enterprise, or when Security Level is set to Personal and Key Management is set to WPA2-Personal:
   1. Click Advanced Settings.
   2. Move the DPP slider to the right.

   DPP is not available when the traffic forwarding mode is set to tunnel.

10. Click Next.
11. Configure the parameters in the Access tab. For more information, see Configuring ACLs for User Access to a Wireless Network.
12. Click Next.
13. Click Finish.

Enabling DPP Provisioning in Radio Profile

Enable DPP provisioning for each radio separately. A provisioning server is automatically set as Cloud Auth when DPP is enabled on any radio.

To enable DPP, complete the following procedure:

1. In the Aruba Central app, set the filter to a group.
2. Under Manage, click Devices > Access Points.
3. Click the Config icon.
4. Click the Radios tab.
5. Click Add Profile icon.
6. Configure the radio parameters. For more information, see Configuring Radio Parameters.
7. Select the DPP Provisioning check box for the applicable radio.
8. Click Save.

Cloud Authentication Configuration

Configure the DPP options in cloud authentication as part of the client policy. For more information, see Configuring Wired Port on an AP or IAP.

The SSID to provision on clients that are onboarded using DPP can be selected. The SSID list displays all SSIDs from all device groups for which key management is set to DPP. However, only one SSID can be selected.

The Aruba-User-Role that gets applied to the client at network access time is determined using the existing client policy and this is based on the client profile tags.

To enable DPP, complete the following procedure:

1. In the Aruba Central app, set the filter to Global.
2. Under Manage, click Security > Authentication & Policy.
3. Click the Config icon.
4. In the Client Access Policy card, click the Edit Policy icon.
5. In the Client Profile Tag to Client Role Mapping table, select the WLAN SSID profile created in Enabling DPP in WLAN SSID Profile from the Client Role drop-down.
6. Select the WLAN SSID profile created in Enabling DPP in WLAN SSID Profile from the Used by WLAN drop-down.
7. Click Save.