Contributor I
Posts: 31
Registered: ‎02-08-2016

ClearPass Server Certificate and nevertheless connection with iPhone

Hi,

This is a company with 30 IAPs + ClearPass + AirWave.

1. We had authentication allowed via AD. Works!

2. Now we installed a certificate on ClearPass and I think it works.

3. Where can I see which method I used to log in to the Wi-Fi? Certificate or username and PW?

4. My goal is that only employees with their notebooks have access to the Wi-Fi via certificate.

And why do I still have access to the Wi-Fi with my iPhone? There is somewhere I must change something in ClearPass, right?

Thx

Salvatore

Guru Elite
Posts: 20,572
Registered: ‎03-29-2007

Re: ClearPass Server Certificate and nevertheless connection with iPhone

Do your laptops use EAP-TLS or do they also use PEAP/MSCHAPv2?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 31
Registered: ‎02-08-2016

Re: ClearPass Server Certificate and nevertheless connection with iPhone

Hi,

On the laptop we set PEAP with certificate control.

On ClearPass we set the following authentication sequence: 1. TLS and 2. PEAP.

If we remove PEAP, we don't have access to the Wi-Fi.

If we add it again, everything works fine.

Now I want to understand where I can see which method I logged in with.

Second: what must be configured on ClearPass to use the certificate first and then maybe username and PW?

Thx

Salvatore

Guru Elite
Posts: 20,572
Registered: ‎03-29-2007

Re: ClearPass Server Certificate and nevertheless connection with iPhone

So it looks like both of your devices (your laptops and your phones) are using EAP-PEAP/MSCHAPv2.

There is no certificate checking, except on the client side. The server does not check certificates and the clients only submit username and password. It does not look like you are using TLS.

If you want to keep phones with username and password off of the network, the way is to use Machine Authentication. EDIT: Please use the method here: http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Enforce-Machine-Authentication/td-p/58918/highlight/true/page/2

 



Colin Joseph
Aruba Customer Engineering


Contributor I
Posts: 31
Registered: ‎02-08-2016

Re: ClearPass Server Certificate and nevertheless connection with iPhone

Hi,

When I check Monitoring Access Tracker I see:

Action Methods: EAP-PEAP,EAP-MSCHAPv2

Why?

Under my Authentication Methods I have

1. EAP TLS

2. EAP PEAP

Why does it use PEAP first? And how can I check whether my certificate is installed correctly or functions correctly?

Contributor I
Posts: 31
Registered: ‎02-08-2016

Re: ClearPass Server Certificate and nevertheless connection with iPhone

Hi,

I think we can close this topic.

The solution was that I added our certificates to the trusted list, and now it works.

We receive the following message:

Access Tracker - Live Monitoring:

Authentication Method: EAP-PEAP,EAP-TLS  <<<--- think that's right.

Thx

Salvatore
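
An added example, not part of the original thread and not ClearPass tooling: a small audit that splits the method strings quoted above ("EAP-PEAP,EAP-MSCHAPv2", "EAP-PEAP,EAP-TLS") into outer and inner method and lists which clients presented a certificate and which only a password. The CSV layout, column names, usernames and MAC addresses are constructed assumptions; only the two method strings come from the thread.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Column names are assumptions for this example;
# only the method strings themselves appear in the thread.
SAMPLE_EXPORT = """username,mac,auth_method
salvatore,AA-BB-CC-00-00-01,"EAP-PEAP,EAP-MSCHAPv2"
host/nb-017,AA-BB-CC-00-00-02,"EAP-PEAP,EAP-TLS"
salvatore,AA-BB-CC-00-00-03,"EAP-PEAP,EAP-MSCHAPv2"
host/nb-021,AA-BB-CC-00-00-04,EAP-TLS
"""

CERT_METHODS = {"EAP-TLS"}
PASSWORD_METHODS = {"EAP-MSCHAPV2", "EAP-GTC", "PAP", "CHAP", "MSCHAP"}


def credential_type(auth_method):
    """Classify a session by its innermost (last listed) method.

    The outer PEAP tunnel only proves the server to the client, so the
    inner method decides what the client actually presented.
    """
    parts = [p.strip().upper() for p in auth_method.split(",") if p.strip()]
    if not parts:
        return "unknown"
    inner = parts[-1]
    if inner in CERT_METHODS:
        return "certificate"
    if inner in PASSWORD_METHODS:
        return "password"
    return "unknown"  # e.g. a bare "EAP-PEAP" with no inner method recorded


def audit(export_text):
    """Return {credential type: sorted list of client MACs}."""
    result = defaultdict(set)
    for row in csv.DictReader(io.StringIO(export_text)):
        result[credential_type(row["auth_method"])].add(row["mac"].lower())
    return {kind: sorted(macs) for kind, macs in result.items()}


if __name__ == "__main__":
    for kind, macs in audit(SAMPLE_EXPORT).items():
        print(f"{kind}: {', '.join(macs)}")
```

Any MAC listed under "password" is a client that got on with username and password alone, which is the iPhone case from the first post.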
