07-30-2014 09:58 AM - edited 07-30-2014 10:53 AM
We are using a Cisco ACS 5.X's Radius server for remote authentication of an AMP server (ver. 7.7.12). We also use it to authenticate admin access of an OAW 4704 without any problems. However, we can't get the ACS's users to log into the AMP. We have checked the logs of the ACS and they show that the authentication has been successful, yet we are still unable to use the ACS database to log in.
The AMP is configured to use the ACS Radius server for access authentication (internal database as backup), ports are defined on both sides and the auth key has been re-checked.
We think it might have something to do with the profile the ACS is giving to the AMP users that authenticate successfully, but we also see a parameter we don't quite understand: a CoA port option when creating an authentication client.
Does anybody use this, or has anybody used it and been able to make it work?
Thanks for any help in advance.
Edit: We found a config guide for the process with a Cisco device. What changes would need to be made to use the AMP instead?
07-30-2014 04:06 PM
You need to return the Aruba-Admin-Role attribute in ACS that matches a role in Airwave.
Aruba Customer Engineering
08-11-2014 10:14 AM
We ultimately ended up creating/importing the dictionary set for Aruba attributes found in the Aruba Doc Center, and then created the Network Access rule in the ACS for it to deliver the role we needed to the authenticated users (which was previously created in the AirWave server). Result: successful login into the AirWave using the ACS's Radius database.
Thanks for your help so far, it really helped figure out this matter.
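The symptom in this thread (ACS logs a successful authentication, yet the AMP login fails) can be checked by looking at what the Access-Accept actually carries. The following is an added example, not part of the original posts or of any Aruba or Cisco tooling: it parses a RADIUS Access-Accept and reports whether the Aruba-Admin-Role vendor-specific attribute is present. It assumes Aruba's enterprise number 14823 and sub-attribute type 4 for Aruba-Admin-Role as in the Aruba RADIUS dictionary; the packets and the role name `ExampleAdminRole` are constructed samples.

```python
import struct

ARUBA_VENDOR_ID = 14823   # Aruba enterprise number (assumed from the Aruba dictionary)
ARUBA_ADMIN_ROLE = 4      # Aruba-Admin-Role sub-attribute type (same assumption)
VENDOR_SPECIFIC = 26      # RADIUS Vendor-Specific attribute, RFC 2865
ACCESS_ACCEPT = 2

def build_vsa(vendor_id, vendor_type, value):
    """Encode one vendor sub-attribute inside a Vendor-Specific attribute."""
    sub = bytes([vendor_type, len(value) + 2]) + value
    return bytes([VENDOR_SPECIFIC, len(sub) + 6]) + struct.pack("!I", vendor_id) + sub

def build_packet(code, attrs):
    """Constructed sample packet: identifier 1, zeroed authenticator."""
    body = b"".join(attrs)
    return struct.pack("!BBH", code, 1, 20 + len(body)) + bytes(16) + body

def aruba_admin_role(packet):
    """Return the Aruba-Admin-Role value in an Access-Accept, or None if absent."""
    if len(packet) < 20:
        raise ValueError("truncated RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            sub = value[4:]
            while len(sub) >= 2:              # walk the vendor sub-attributes
                vtype, vlen = sub[0], sub[1]
                if vlen < 2 or vlen > len(sub):
                    break
                if vendor == ARUBA_VENDOR_ID and vtype == ARUBA_ADMIN_ROLE:
                    return sub[2:vlen].decode("utf-8", "replace")
                sub = sub[vlen:]
        pos += alen
    return None

# Constructed samples: an accept with only a Reply-Message, and one with the role.
REPLY_MESSAGE = bytes([18, 2 + len(b"ok")]) + b"ok"
WITHOUT_ROLE = build_packet(ACCESS_ACCEPT, [REPLY_MESSAGE])
WITH_ROLE = build_packet(ACCESS_ACCEPT, [REPLY_MESSAGE,
                         build_vsa(ARUBA_VENDOR_ID, ARUBA_ADMIN_ROLE, b"ExampleAdminRole")])
```

An accept like `WITHOUT_ROLE` matches the situation in the first post: the RADIUS server reports success, but the reply gives the client no admin role to map the user to.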