Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 3
Registered: ‎04-02-2015

Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Introduction : For IEEE 802.1X Authenticators, the attribute called-station-id is used to store the bridge or Access Point MAC address(upper or lower case) with octet values separated by a none(default)/colon/dash/none.  Example with upper case with dash: "00-10-A4-23-19-C0".

In IEEE 802.11, where the SSID is known, it should be appended to the Access Point MAC address, separated from the MAC address with colon(default)/dash/none. Example with colon: 00-10-A4-23-19-C0 : ARUBA

Does Aruba Instant AP  support  this one ?

Guru Elite
Posts: 7,847
Registered: ‎09-08-2010

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

No, it just sends the AP’s MAC. The SSID is send in an Aruba-VSA.

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 3
Registered: ‎04-02-2015

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Dear Cappalli,

Thanks a lot. But which one that I can use in the Aruba-VSA list ?

Best regrads.

Lewis.

 

Guru Elite
Posts: 7,847
Registered: ‎09-08-2010

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Aruba-Essid-Name

 

aruba-essid.PNG


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 3
Registered: ‎04-02-2015

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Hi Cappalli,

Thanks. My question is " Does the virtual controller of IAP really send the name of SSID in Radius message out to the Radius server ? "  I coludn't it in the capture file of Wireshark. How can I enable the meaasge of SSID to be sent out in IAP, or even by the CLI mode ?

 

Br.

Lewis

Jer
Contributor II
Posts: 58
Registered: ‎12-03-2015

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Hi, anyone who has an anwers in this question? I'm in need of the same because I'm using Microsoft NPS to authenticate. I don't see the Aruba IAP sends the SSID within the called-station-id. I really require this as this is the only way to distinguish policy access between the SSÍD's.

The Aruba VSA is a solution when using clearpass but I don't so really need the IAP to send it in the called-station-id field.

 

The Aruba controller does support this option, so I'm wondering why the IAP could not.

I'm using 6.4.3.1 with 225 and 6.4.1.1 with 7220 ad 325.

 

Thanks!

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Aruba Instant APs do not support RFC 3580 to configure called-station-ID with SSID.  The Aruba controllers just started supporting that in ArubaOS 6.4, but there is no promise that the Instant APs will support it.

 

At issue is that Microsoft NPS/IAS do not support using incoming 3rd-party VSAs (Vendor Specific Attributes) to make decisions about radius traffic.  Both the Aruba controllers and instant send the Aruba-Essid-Name VSA, but NPS has no way to process it.  How would you identify a different SSID on instant?  You would configure two Radius Authentication Servers in instant with the same ip address as your radius server, except, you would have a different nas identifier (below the nas identifier is ssid1), for each depending on which SSID you would want to authenticate it to:

 

instant-radius-ssid1.png

 

Again: Two radius servers, the only difference is the NAS-ID.  When you setup the SSIDs in instant, you use one radius server for one SSID and the other radius server for the other SSID.  How do you configure it on NPS?  You use the NAS identifier as a condition to determine which SSID the authentication is coming from:

 

nps-nas-id.png

 

I hope that makes sense..

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Jer
Contributor II
Posts: 58
Registered: ‎12-03-2015

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Hi Colin, thanks for your quick and clear explanation. It surprises me somehow that Aruba just started supporting RFC3580 on their controllers and still not on the IAP's, if I compare this with other WLAN vendors. Hopefully this will be added to be supported by IAP as well.

However your workaround is a solution that fits my needs. I just tested it and it works like a charm.

 

Thanks again, really appreciated!

Occasional Contributor I
Posts: 7
Registered: ‎09-01-2016

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

Sorry for the thread necromancy, however, this is a very specific issue with little or no other places to lodge a comment in context.

 

 

What's surprising - and disappointing for the same reason, is this has been an RFC since 2003 and is even suplemented by RFC 7268 (albeit still at a proposed level).

 

Defining RADIUS servers on a one-to-one ration is fine for small deployments but clearly this doesn't scale.

 

We bought 150 (at a cost of around $140,000, which is far from insignificant for a not-for-profit) of these with the expectation that in being managed by Airware, we'd greatly reduce our administrative effort and cost, however, this unexpected surprise  - which arguably is my fault for not researching right down to the RFC level, has now shot that entirely in the foot.

 

This is a really disappointing outcome for what should be an entry level-but-solid enterprise WAP (more a comment on the IOS than the hardware, which is wonderful).

 

Cheers,

Lain

Guru Elite
Posts: 19,982
Registered: ‎03-29-2007

Re: Does Aruba Instant AP support RFC 3580 to configure called-station-id with SSID?

In what context do you use RFC 3580/7268?

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: