New Contributor
Posts: 4
Registered: ‎09-04-2015

Android with Cisco WLC and CPPM

Hey All,

I'm having a tough time getting an Android device to authenticate through a Cisco WLC (ver 8.2) to CPPM (ver 6.5.3) with EAP-TLS.

Our configuration works fine for Windows and Mac laptops, Apple iOS devices, and Windows phones. It is only the Android devices that are not working.

We have an older Trapeze controller (remember these?) system that we are replacing. It works great with the Android devices.

I've been working very closely with the Cisco team and have gathered traces in the air and on the wire. It looks like the certificate is reaching CPPM. It's just not handling the request. I was thinking about upgrading the version of CPPM to see if that helps. I'll also open a case with Aruba support.

Has anyone else experienced this issue?

--Patrick

Guru Elite
Posts: 20,343
Registered: ‎03-29-2007

Re: Android with Cisco WLC and CPPM

There is a huge variability with device configuration for EAP-TLS on Android. Depending on the manufacturer (generic Android, HTC, Samsung), the EAP-TLS supplicant configuration will be different. Did you import the CA certificate as well as the client certificate on the Android device?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎09-04-2015

Re: Android with Cisco WLC and CPPM

We have a variety of Android device vendors to test with. I don't have a list of them now. None are working with the Cisco/CPPM setup. These same devices work fine if we take them to one of the locations with the older Trapeze/CPPM setup.

I'll double check the certificate but I do think that the CA cert is installed on each device.

Guru Elite
Posts: 20,343
Registered: ‎03-29-2007

Re: Android with Cisco WLC and CPPM

The controller should not really matter because it is just a RADIUS passthrough, unless you are doing EAP termination on the Trapeze controller.


Colin Joseph
Aruba Customer Engineering

New Contributor
Posts: 4
Registered: ‎09-04-2015

Re: Android with Cisco WLC and CPPM

I figured this out. It turned out to be an issue with how certificates are being deployed by our MDM solution, which is Mobile Iron. I removed all Mobile Iron configs and manually placed a cert on the device and everything works well. I suspect that our MDM solution is not getting the intermediate or root cert in place. I will work with our Mobile Iron admins to figure that out.
