Controller Based WLANs

Block devices using aruba certificate

Aruba Employee

Question-How to block devices from using Aruba certificate and use customized certificate for authentication

Environment- This article is applicable for controllers running 6.1.x and above

Answer- Initially "crypto isakmp block-aruba-ca enable" command blocks usage of all aruba issued RAP certificates. This was added to support custom certs on RAPs. 

As per request from 6.1.4.4 FIPS release, extended this functionality to block validation of aruba issued certificates presented by every client ex: CPSEC CAP, RAP, master-local, VIA etc. The crypto isakmp block-aruba-ca command now applies to all IPsec connections regardless of the connection type. Previously the command applied only to RAP connections. Note that when using this command, features such as CPsec that depend on factory-installed device certificates no longer function. To use master/local communication when this command is enabled,you must use custom certificates.

(Master) #show crypto isakmp block-aruba-ca
Block ARUBA certified clients
-------------------------
Disabled

(Master) (config) #crypto isakmp block-aruba-ca ?
disable                 Accept the ARUBA certified client certificates.
enable                  Reject the ARUBA certified client certificate. Use custom certificates

Description
This command configures the controller to accept or reject Aruba certified clients.
enable Accept Aruba certified client certificates.
disable Reject Aruba certified client certificates and use custom certificates instead.

Related Links- https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/Does-Aruba-Raps-supports-custom-certificate-and-how-to-implement-it

Version history
Revision #:
1 of 1
Last update:
‎04-05-2015 10:14 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.