Security

Reply
Super Contributor I
Posts: 293
Registered: ‎02-07-2013

Up to date document on configuring VIA

Is there an up to date document on how to configure VIA? I'm runing ArubaOS 6.4.3.6 and following the


Virtual Intranet Access (VIA) Tech note. Problem is that its a bit old and some thing don't line up. Got to the state where I'm supposed to
define where a VIA connection goes for authentication.  The doc says configure a Via Authentication profile
a
aaa authentication via auth-profile "via-auth"
 
Cant see where to create it. from the command line, aaa authentication doesn't have a "via" option. In the GUI under "Advanced/All Profiles/ there isn't a VIA Authenticaiton OProfile sub heading.
 
 
..... in fact theres none of the VIA set of profiles visible
A
 
 
Guru Elite
Posts: 8,320
Registered: ‎09-08-2010

Re: Up to date document on configuring VIA

Do you have PEFV licenses?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor I
Posts: 293
Registered: ‎02-07-2013

Re: Up to date document on configuring VIA

Doen't look like it, are these something I can get hold of as eval licenses ?

 

Failing that, if I just want to do l2tp/ipsec  using built in features of windows and osx, do I need these licenses anyway?

 

Rgds

A

Super Contributor I
Posts: 293
Registered: ‎02-07-2013

Re: Up to date document on configuring VIA

o.k.

obtained eval license and installed it.

configured clearpass to authenticate user.

 

Question 1 :- do you normally set up 2 auth services for VIA, one for the web auth component and one for the VIA client? Was trying to uniquely identify a mobility controller doing  VIA authentications.

 

Ended up with

Web auth= NAS-IP-Address, NAS-Port-Type and Service-Type

VIA Auth = NAS-ID,nas-ip-address,nas-port and nas-port-type

 

Which does work.

 

Could just specify nas-port-type=5 but doesn't seem like enough.

 

Question 2 :-

 

On my os x system, I downloaded the installer and after it downloaded the VIA config and I logged off and back in again, everything worked and I ended up with a valid IP address assigned.

 

On my iOS system, having downloaded the App and entered my credentials, when I try connecting, I get

 

"Certificate Error, please check your certificate. it may be incorrect or expired"

 

Now the iOS app seems to be using an auth-profile called via whereas the downloaded client is using the one I defined, i.e. via-auth

Had a peek on the controller and can't see an auth profile called via ... or do I have to create one?

Rgds

Alex

 

 

Search Airheads
Showing results for 
Search instead for 
Did you mean: