Community Expert Day 1/17/14

Reply
Aruba Employee

Certificate-based Security for IAP/AMP Communication

Problem:
=======
The existing security model for IAP/AMP communication is based on a pre-shared secret; it can be considered weak by managed service providers
 
Solution:
=======
* IAP support the same certificate-based mutual authentication scheme as that for Activate/Aruba Central communication
* Requires the AMP to support uploading a custom certificate to be uploaded through its UI
 
P.S
* IAP will use certificate-based authentication if no pre-shared secret is set in its AMP configuration
* The AMP certificate must be signed by Komodo, Geotrust, or Google Public Internet Authority
* IAP must be configured with the AMP Server’s certified domain name
 
About Airwave server/backup server, ip address or domain name are supported now
Picture14.jpg
 
Commands to verify
=================
AMP status: show ap debug airwave

 

d8:c7:c8:c4:57:38# show ap debug airwave


Airwave Server List
-------------------

Domain/IP Address  Type     Mode     Status
----------------- 
----     ----     ------
10.65.182.15      
Primary  Monitor  Login-done

 

awc logs
=======
 
show log ap-debug
Picture15.jpg

 

 

 

Preethi Devarajan
Sr. Network Engineer
Customer Advocacy | Aruba Networks Inc.
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the bottom right hand corner of the post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: