was looking if this is possible: Doing EAP-TLS, so client cert authentication with only Aruba Instant, so no radius server or such.
some googling turned up mixed results.
this support document seems to indicate it is possible: http://www.arubanetworks.com/techdocs/InstantHTML/Content/Chapter11%20Authentication/AuthenticationServer.htm
although how remains vague.
then some airheads threads, here it is mentioned it isn't easy:
http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/IAP-TLS-authentication/td-p/48946
here it mentioned twice it is possible (limitations are mentioned, but not which) but without details:
http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/Terminate-eap-tls-on-IAP/td-p/242330
http://community.arubanetworks.com/t5/Aruba-Instant-Cloud-Wi-Fi/EAP-TLS-termination-on-IAP/td-p/202459
so i started to configure it myself. first loaded a server certificate (cert / key) and a CA. then configured the SSID Security section like this.
Key management: WPA-2 Enterprise
Termination: Enabled
Authentication server 1: ?
and now i was stuck, because why do i need a Authentication server and why can't i select the Internal one if it is really needed. so i took a chance and just selected my CPPM server.
and it worked ... without recieving anything on the CPPM server. if i disable termination i do see the username (CN from cert) being send to CPPM, but with Termination Enabled it seems to function fine.
some questions:
1) is this how you do client certificate based authentication with an IAP only?
2) is the fact you need to select a Authentication server but it isn't used a known issue? the fact you can't select the EAP type might be related here, but im looking for some documentation saying this is how it should work. im using version 6.4.2.6-4.1.1.6_50009 will try a newer soonish
3) is it correct you can't use the internal database for WPA Enterprise SSIDs in combination with Termination?
4) anyone see issues with my approach, i tested with Windows, that worked, but perhaps not with others?