ArubaOS and Controllers

Occasional Contributor II

machine based certs and wap access

Hi all,

We are doing a proof of concept with Aruba controllers and WAPs. Our security team would like us to use computer-based certificates to authenticate to the WAPs. The laptop we are testing with has a computer-based cert that is autoenrolled from group policy. When we try to connect to the WAP we get a bubble on the laptop (XP client) saying that 'Windows was unable to find a certificate to log you to the network'. I verified that the computer cert was valid.

Is it possible to just use computer certs to allow access to the WAP? Will it require user authentication as well? Also, will we need a RADIUS server for the setup?

I was thinking that we could just terminate the computer cert on the controller and access to the WAP would be granted.

Thanks in advance.
Guru Elite

Certificate-Based Authentication or EAP-TLS

You might want to read the Aruba whitepaper "Building Global Security Policy for Wireless LANs" here http://www.arubanetworks.com/pdf/technology/whitepapers/wp_Global_security.pdf to see what works and what doesn't work, in terms of wireless security.

After you read that, Microsoft has information about how to set up certificate-based (EAP-TLS) networks here: http://support.microsoft.com/kb/318710 (I know it says Windows 200, but the principles still apply). Quite frankly, you will be doing most of your work on the Microsoft Server side. The Aruba Controller only points to the Microsoft RADIUS Server (IAS) and lets a client onto the network when it gets a positive response back.

EAP-TLS is quite frankly one of the most difficult of all the Extensible Authentication Protocol (EAP) types to configure, install and manage, to say the least. EAP-PEAP is easier, and step-by-step configuration of the server and the client is covered in the ArubaOS User Guide in one of the Appendices.


Colin Joseph
Aruba Customer Engineering


Occasional Contributor II

Re: machine based certs and wap access

Is there a way to use the Aruba as the termination point for computer certificate authentication instead of RADIUS?