Controller Based WLANs

With EAP-TLS, how to check user certificate common name against AAA server?

Introduction : This article describes how to check that the Common Name (CN) in the certificate submitted by the user is valid on the AAA server when EAP termination is on the controller.

 

Feature Notes : This document was written and tested on AOS 6.4.0.

 

Environment : EAP-TLS authentication - Client has a certificate issued for it - EAP termination on the controller - CPPM as the RADIUS server.

 

Network Topology : [figure]

 

Configuration Steps :

 

In the Dot1x profile, ensure that termination is enabled and EAP-TLS is selected. The server certificate and CA certificate must be uploaded and mapped.

Ensure that the option "Check Certificate Common name against AAA server" is selected.
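The same settings entered from the controller CLI, as an added example that is not part of the original article. The profile name and certificate names are placeholders, and the commands follow the ArubaOS 6.x `aaa authentication dot1x` syntax, where `cert-cn-lookup` is the CLI form of the "Check Certificate Common name against AAA server" option.

```text
! Added example. Placeholder names, not taken from the article:
!   dot1x-eaptls-term        hypothetical 802.1X profile name
!   controller-server-cert   hypothetical server certificate already uploaded
!   client-issuing-ca        hypothetical CA certificate already uploaded
configure terminal
aaa authentication dot1x "dot1x-eaptls-term"
   ! terminate EAP on the controller and use EAP-TLS
   termination enable
   termination eap-type eap-tls
   ! certificate the controller presents to clients
   server-cert "controller-server-cert"
   ! CA used to validate the client certificates
   ca-cert "client-issuing-ca"
   ! look up the client certificate CN on the configured AAA server
   cert-cn-lookup
!
end
! confirm the profile settings, then watch an authentication attempt
show aaa authentication dot1x "dot1x-eaptls-term"
show auth-tracebuf
show log security all
```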


Answer:


Enabling "check certificate common name against AAA server" will trigger a validation against the configured AAA server.

Verification :

 

In the auth-tracebuf output, you should see the controller validating the user CN against the RADIUS server.


Troubleshooting :

 

We can check the authentication process in "show log security".


Version History
Revision #: 1 of 1
Last update: 11-10-2014 11:45 AM