AAA, NAC, Guest Access & BYOD

Reply
Contributor II
arubamonkey
Posts: 56
Registered: ‎12-17-2011

Re: Server Cert and Trusted CA Cert

[ Edited ]

Tried different browser, still don't see it. Here's a screenshot:

 

http://s17.postimage.org/pgo7zrhhr/EAPTLS.jpg

 

The option doesn't come up in the CLI either.

 

(WLC#1) (802.1X Authentication Profile "TEST-dot1x_prof") #termination inner-eap-type ?
eap-gtc                 Select EAP-GenericTokenCard as the inner
                        authentication protocol
eap-mschapv2            Select EAP-MSCHAPV2 as the inner authentication
                        protocol

 

 

I'm using 5.0.4.3. Are you aware of any issues with this version?

Contributor II
arubamonkey
Posts: 56
Registered: ‎12-17-2011

Re: Server Cert and Trusted CA Cert

Both ArubaOS_5.0CRG and ArubaOS_6.0CRG only mention EAP-GTC and EAP-MS-CHAPv2.

Moderator
cjoseph
Posts: 12,679
Registered: ‎03-29-2007

Re: Server Cert and Trusted CA Cert


arubamonkey wrote:

Tried different browser, still don't see it. Here's a screenshot:

 

http://s17.postimage.org/pgo7zrhhr/EAPTLS.jpg

 

The option doesn't come up in the CLI either.

 

(WLC#1) (802.1X Authentication Profile "TEST-dot1x_prof") #termination inner-eap-type ?
eap-gtc                 Select EAP-GenericTokenCard as the inner
                        authentication protocol
eap-mschapv2            Select EAP-MSCHAPV2 as the inner authentication
                        protocol

 

 

I'm using 5.0.4.3. Are you aware of any issues with this version?


Wait.  When you choose TLS, you do not have to choose an inner EAP type.  The screenshot in the doc is incorrect.

 

Colin Joseph
Aruba Customer Engineering
Contributor II
arubamonkey
Posts: 56
Registered: ‎12-17-2011

Re: Server Cert and Trusted CA Cert

[ Edited ]

I am going by the EAP-TLS document which has this step in 2) b.iv. Which Inner-EAP type does it select by default if neither option is selected?

Moderator
cjoseph
Posts: 12,679
Registered: ‎03-29-2007

Re: Server Cert and Trusted CA Cert

Yes.  The screenshot in that document has an error.

 

Colin Joseph
Aruba Customer Engineering
Contributor II
arubamonkey
Posts: 56
Registered: ‎12-17-2011

Re: Server Cert and Trusted CA Cert

Thanks a lot man. If I had an award, I would give it to you. :smileyvery-happy:

Contributor II
arubamonkey
Posts: 56
Registered: ‎12-17-2011

Re: Server Cert and Trusted CA Cert

Hey one last thing, since I have a Master-Local setup and can't change anything on the Local controller, which server cert do I choose in the dot1x profile on the Master controller? Does the Master perform the authentication or the Local? I guess the cert should be for the one that does authentication.

Moderator
cjoseph
Posts: 12,679
Registered: ‎03-29-2007

Re: Server Cert and Trusted CA Cert

You need to upload  CA as well as server cert on both.   CA cert is the same, but server cert is usually different. Auth occurs on the local, or the master, wherever the AP is connected.

Colin Joseph
Aruba Customer Engineering
Contributor II
arubamonkey
Posts: 56
Registered: ‎12-17-2011

Re: Server Cert and Trusted CA Cert

[ Edited ]

I've uploaded the specific server certs to each controller as well as the same trusted cert on both. In my setup, the APs terminate on the local controller but I can't change the config on the local. So on the Master, do I upload the Local's server cert as well and select that in the dot1x profile since the APs terminate on it?

Moderator
cjoseph
Posts: 12,679
Registered: ‎03-29-2007

Re: Server Cert and Trusted CA Cert

You should be able to upload the cert for the local on the local, and assign it to the name profile name that is referenced in the master config.

Colin Joseph
Aruba Customer Engineering
Search Airheads
Showing results for 
Search instead for 
Do you mean