Remote Networking

Reply
New Contributor
Posts: 4
Registered: ‎04-13-2009

RAP2 & 5 with wired 802.1x

I need to create a profile for our RAP2 and RAP5 devices. These devices will be used for home users and remote offices. Security is pretty tight and we want to make sure only those allowed get connected via a wire. So we want to do tunneling on the wired ports on the RAP's and do auth via 802.1x with a certficate that is issued to every client in the company via group policy. Documentation on this is pretty weak or I havent come across the right document. I was hoping to get a decent walkthrough in what needs to be done to make this happen. I assume I need a GP for the wired port like I have for my wireless. Then I also need to configure the policy on the Aruba controller. As for what needs to be set for machine and user auth and such I'm a little lost.
Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Wired 802.1x

On the Windows Client side, you need to ensure that the Wired Autoconfig Service is Running.

On the Aruba Controller Side, Ensure that you use the WLAN/LAN Wizard in ArubaOS 5.0 to create the wired SIDE:






I can only include 4 pics in my message, but the screens following allow you to setup a Radius Server that you want authentication pointed to as well as the "success" role of wired users.

Let us know how it goes.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎04-13-2009

Re: RAP2 & 5 with wired 802.1x

Does this require 5.0 to work? Or does the Wizard in 5.0 just make it easier to configure?
Aruba Employee
Posts: 509
Registered: ‎07-03-2008

Re: RAP2 & 5 with wired 802.1x

Here's some sanitized portions of my config. In this example, ports 2, 3, and 4 of our RAP-5s require .1x auth.

aaa authentication-server radius "RADIUS"
host 1.1.1.1
key xxxxxxxxxxxxxxxxxx
!
aaa server-group "radius"
auth-server RADIUS

aaa authentication dot1x "employee"

aaa profile "RAP-wired"
initial-role "Deny-All"
authentication-dot1x "employee"
dot1x-default-role "RAP-ST-ROLE"
dot1x-server-group "radius"


ap wired-ap-profile "RAP-AuthWiredAPV10"
wired-ap-enable
switchport access vlan 10

ap wired-port-profile "RAPAuthWiredPortV10"
wired-ap-profile "RAP-AuthWiredAPV10"
aaa-profile "RAP-wired"

ap-group "RAP-APGROUP-V10"
virtual-ap "xxxxxxxxx"
enet1-port-profile "xxxxxxxxxxxxx"
enet2-port-profile "RAPAuthWiredPortV10"
enet3-port-profile "RAPAuthWiredPortV10"
enet4-port-profile "RAPAuthWiredPortV10"
ap-system-profile "RAP-APSYSTEM"
dot11a-traffic-mgmt-profile "default"
dot11g-traffic-mgmt-profile "default"
provisioning-profile "RAP-PILOT"
Guru Elite
Posts: 21,488
Registered: ‎03-29-2007

Does Not




Does not require 5.0 to work.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: