ArubaOS and Controllers

Reply
Occasional Contributor I
Posts: 9
Registered: ‎02-16-2011

802.1x Authentication on Aruba Controller

Hey

I want to authenticate wireless users with Active Directory. Is there any way to configure Aruba Controler as a radius server or can i configure the user authentication without third party radius server ?


Thanks
Aruba Employee
Posts: 42
Registered: ‎07-30-2010

Re: 802.1x Authentication on Aruba Controller

If you would want to use the AD to authenticate wireless users, you will need a backend server. If you do not wish to use a 3rd party radius server, have the user entry available in the internal DB of the controller.

Also, need to enable termination on the controller (for dot1x).
Barath Srinivasan
Customer Engineering Architect
Customer Advocacy | Aruba Networks Inc.
-----------------------------------------------------------------------------------------------------------
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution", in the bottom right hand corner of the post.
-----------------------------------------------------------------------------------------------------------
Occasional Contributor I
Posts: 9
Registered: ‎02-16-2011

802.1x Authentication on Aruba Controller

Thanks for your reply

We do not have any internal user DB on controller. All the users are existing on Active Directory. In that case we need any IAS server for user authenticate. ? or if we will enable or configure 802.1x termination on controller so we need any third party radius server ?

Thanks
Frequent Contributor II
Posts: 128
Registered: ‎03-13-2008

Re: 802.1x Authentication on Aruba Controller

You will either need to put user in the internal DB of the controller or you can turn on IAS/NPS(radius) on your AD and point the controller to use radius.

It's easier to turn up NPS/IAS on AD if all of your user have credentials in AD already.
David Dipert
New Contributor
Posts: 4
Registered: ‎05-18-2010

plus

you can use eap-offload or termination : terminate 802.1x on the controller, so controller present the certificate, and after controller interoperate credential with your IAS/NPS in MS/CHAPv2.
Contributor II
Posts: 72
Registered: ‎05-22-2011

Re: 802.1x Authentication on Aruba Controller

Hi,

We have EAP-TLS implemented in our 3600 controller with termination using the controller. We installed certificates (CA and Aruba Controller) to the controller and certificates (CA and User cert.) to the client. All certificates came from thesame Certificate authority. We would like to add user authentication on top of what we have. We tried adding a username and password to our internal database and then added MSCHAPv2 as an inner termination. We were hoping that the EAP-TLS would authenticate, and them the MSCHAPv2 would kick in asking for the username and password. Unfortunately, it did not work. Is there a way to add user authentication to the aruba controller? We opened a case with TAC but we were told we need to purchase the firewall license. Any thoughts? Thanks.
Guru Elite
Posts: 21,491
Registered: ‎03-29-2007

Re: 802.1x Authentication on Aruba Controller

they are correct. If you had the Policy Enforcement Firewall, it could put the user into a Captive Portal profile that would require authentication. Without PEF, you cannot layer authentication methods like that.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: