Controllerless Networks

Reply
New Contributor

Source IP address for Authenticator with IAP dot1x

Hello,

I have an IAP cluster with Dot1x configured, and the RADIUS server Microsoft Domain Controller with the NPS role enabled for EAP-TLS. On the DC or any RADIUS controller, the IP address of the authenticator needs to be configured. In the setup I have, the authenticator keeps changing. The source IP address of the authenticator is the one of the AP to which the supplicant is associated and changes when the supplicant moves to a different AP. I have an IP address for the Virtual Controller configured and it works, I can access the VC through this address. Is this the expected behavior? Does it mean that I need to configure the IP addresses of all the APs as clients on the DC or RADIUS server?

Thank you,

Christophe.

Guru Elite

Re: Source IP address for Authenticator with IAP dot1x

You need to enable Dynamic RADIUS proxy and then the NAS-IP will be the VC’s address.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: Source IP address for Authenticator with IAP dot1x

http://community.arubanetworks.com/t5/Controller-less-WLANs/What-is-dynamic-radius-proxy-and-related-settings-in/ta-p/180918


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: