06-21-2011 04:54 PM
VIA with IKEv2 is now capable of using certificate on the machine.
we want to use VIA on our notebook and we want to utilize the EAP-TLS using our PKI infrastructure any documentation or help is highly appriaciated.
note: i already look on user guide 6.1 doesnt explain how to configure it.
06-22-2011 07:29 AM
This is not available currently in the VIA client, as of yet.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
06-22-2011 07:49 AM
so its in the controller but the VIA Agent cant use it?
here what i see in 22.214.171.124
aaa authentication via connection-profile "sva_via-profile"
07-22-2011 03:30 PM
Do you really need EAP-TLS? Or do you just want to perform certificate based authentication? It is possible to use IKEv2 with "ikev2auth user-cert" set in the VIA connection profile. This means the controller itself will validate the client certificate. To do this, you'll need to load a server certificate on the controller, as well as the CA's public certificate which it will use to validate the client cert. To check certificate validity (non-revoked), you can use OCSP. This setup does work, at least for the limited amount of testing that I've done.
Jon Green, ACMX, CISSP