Security

Reply
Occasional Contributor II
Posts: 11
Registered: ‎11-07-2014

802.1x without web authentication

Hİ all,

 

I wonder can I use 802.1x authentication type without using web authentication. I only want that client to get authenticate with their Domain Name and Password.

 

If it is possible how should we need to configure the Aruba Controller 7220. Do we need to configure anything on menu of Configuration in Top, and Wireless menu in the left side, with Domain name of this place and  in AAA menu there is 802.1x, or how?

 

Thanks,

Best Regards

Occasional Contributor II
Posts: 11
Registered: ‎11-07-2014

Re: 802.1x without web authentication

Hi,

 

Sorry I mean Configuration, Security and AAA menu

 

Thanks

Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: 802.1x without web authentication

First of all you should add your radius servers to server group in your controller(Configuration>Authentication>Servers>Radius Server. Then under VAP profile, you shoud point this server group in aaa profile related to your profile.

 

Then your initial role(role before authentication) for your users should be logon and Default Role for 802.1x Authentication(role after 802.1x authentication) must be authenticated.

 

Check for your Captive Portal authentication. And disable it if neccesarry. 

 

Optionally, you can use Aruba Controller's internal server for radius services.

Occasional Contributor II
Posts: 11
Registered: ‎11-07-2014

Re: 802.1x without web authentication

Thanks for your reply,

 

Yes I already done all those configuration. I can connect to wifi via cellular phone, but, can not connect with my laptop or another PC. I think there is PAP authentication problem. 

 

I download securew2 program, after that I am able to connect to wifi via my PC. This is a campus, so, I dont want to force all students to download this program.

 

Thanks

Best Regards

Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: 802.1x without web authentication

Can you detail the problem a little bit more. It seems that I misunderstand the problem. What is the complaint of users? What is happening when they try to access to wireless network?

Occasional Contributor II
Posts: 11
Registered: ‎11-07-2014

Re: 802.1x without web authentication

I have try to authentication via RADIUS with wpa2. I config RADIUS on Aruba Controller. Telephones are authenticate with PAP authentication as a default if I am not wrong. But PCs authenticate default is not PAP. When laptop clients try to access to network with wifi they are having problem with says authenticate problem. 

 

I want to use MCHAP authenticate method on Aruba Controller 7220 is it possible?

 

Thanks 

Best Regards

Contributor II
Posts: 43
Registered: ‎03-31-2014

Re: 802.1x without web authentication

Yes, MCHAP is possible. 

 

There is a Diagnostic tab on the controller web UI. Click on it and at the right side there is AAA server test. You can choose MCHAP and test your PC client if server returns the answer successfully. Don't forget to add your controller's ip address as a Radius Client to the server.

 

At 802.1x side Aruba controller is some kind of a middle-man between the client and the server. For successful authentication you should confirm both your server and controller side. As their settings are correctly matched for successful authentication. 

Occasional Contributor II
Posts: 11
Registered: ‎11-07-2014

Re: 802.1x without web authentication

Sorry my mistake, I was trying to say I want to do PAP authentication for Laptops. Yes, there is MCHAP authentication, but with MCAHP authentication I can only login with my telephone.

 

I couldn't find any PAP authentication in controller. 

 

Or what authenticate do I need to do for laptops, I try all of them but couldnt get avoid from this stuation.

 

Thanks

MVP
Posts: 1,405
Registered: ‎11-30-2011

Re: 802.1x without web authentication

i don't believe the native windows wireless client supports PAP. have a look at this list for one that might be able to help you:

 

http://en.wikipedia.org/wiki/Comparison_of_wireless_LAN_clients

 

forcing users to use one or another program might be dificult if you don't have control over their systemens.

 

anyhow: why not use MSCHAPv2? PAP is not really secure.

Search Airheads
Showing results for 
Search instead for 
Did you mean: