Security

Reply
cbw
New Contributor
Posts: 1
Registered: ‎03-14-2013

Apple TV 802.1X/PEAP authentication

Has anyone successfully gotten 802.1X/PEAP working with an Apple TV? The latest firmware supports it, but requires you to pre-load a profile on the device, and Apple's knowledge base aritcle doesn't seem to get it working.

Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

Re: Apple TV 802.1X/PEAP authentication

So I learned a little tip about apple TV and 802.1x yesterday at the airheads conference. The apple Tv does not have an internal clock therefore cannot check the valid dates on the certificate. Try setting the date and time on the apple TV and see if that works.
Contributor II
Posts: 56
Registered: ‎05-23-2011

Re: Apple TV 802.1X/PEAP authentication

So, this is a tricky situation.  Apple TV is setup to connect to a 802.1x network, but can't connect to it without a valid certificate.  The certificate cannot be validated without a correct time (via NTP).  It cannot connect to ntp without a valid network connection.  And it can't connect to the 802.1x network without a valid certificate!

 

Talk about Catch-22!

 

Is there a way to setup an SSID for Apple TV's only to connect to.  Have this SSID have a pre-authenticated vlan setup and then authenticate via 802.1x after a valid certificate is established (via a time set on the Apple TV from NTP?

Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

Re: Apple TV 802.1X/PEAP authentication

It's been a while since I configured an Apple TV, but can't you set the time manually on the device in it's setup?  If so, it should be able to validate the certificate then.

Contributor II
Posts: 56
Registered: ‎05-23-2011

Re: Apple TV 802.1X/PEAP authentication

You cannot, you must go through an NTP server from what I've found.

Occasional Contributor II
Posts: 19
Registered: ‎05-08-2013

Re: Apple TV 802.1X/PEAP authentication

Hi Guys

 

Has anybody found an answer to this yet. I have about 40 apple tv's at a school and need to find a solution.

 

 

Contributor II
Posts: 56
Registered: ‎05-23-2011

Re: Apple TV 802.1X/PEAP authentication

Trav,

 

We created a new hidden SSID.  We assigned a WPA2 pre-shared key to it, and the Apple TV's connect to this just fine.

 

We put the SSID into the same VLAN pool as our WPA2-Enterprise.

 

If they happen to get the same VLAN assignment it works.  If they don't, it doesn't.  Enabling Airgroup fixes that, but you can then also see all of the other Apple TV's at each other location (the list is way too long, and it doesn't show all of them).  I have an open ticket with support, and another post detailing this out at:

 

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/6-1-3-6-Airgroup-HOWTO-Limit-Airplay-per-vlan-pool/td-p/95332

Occasional Contributor II
Posts: 19
Registered: ‎05-08-2013

Re: Apple TV 802.1X/PEAP authentication

Thanks very much.

 

I ended up creating the suggested SSID with a psk. I do beleive that apple is about to release its new iOS 7 software for apple tv which is rumoured to fix the time and certificate issue.

 

So hopefully in a week or two we will have a fix.

Regular Contributor I
Posts: 163
Registered: ‎04-11-2011

Re: Apple TV 802.1X/PEAP authentication

Couldn't you also just wire the device into the LAN during setup?  Set the clock, then attach it to the PEAP ssid?

Occasional Contributor II
Posts: 19
Registered: ‎05-08-2013

Re: Apple TV 802.1X/PEAP authentication

You can do but if the device looses power it does not have a battery backup for the date and time. Therefore everytime the device restarts it has to re set the date and time. Hence the problem. The easiest s to create a hidden ssid with a psk.

Search Airheads
Showing results for 
Search instead for 
Did you mean: