Wireless Access

Reply
Occasional Contributor II

AAA FastConnect problem (802.1x with NPS, termination on the controller)

Hi,

 

I have a configured lab test environment, which contains an Aruba 7x00 Controller, a couple of APs, and a Windows based RADIUS (NPS) server.

 

Everything works fine, users can authenticate, till I enabled the termination on the controller. Do I need to install any certificate on it to make it works? (tried install the server cert used for connect on the clients, but got error message: Error Uploading Certificate: Cert missing private key and failed to find a key generated from a CSR request in the system to match it)

 

NPS configuration:

NPS Networks PoliciesNPS Networks PoliciesNPS Connection Request PoliciesNPS Connection Request Policies

User access before Termination enabled (works):

nps4.JPG

Denyed access after Termination enabled:

nps3.JPG

 

As I see users try to connect by EAP-PEAP and MSChapv2, and that was enabled in the network policy, but correct me!

 

(Controller configuraton attached.)

Re: AAA FastConnect problem (802.1x with NPS, termination on the controller)

Hey, you will need to upload the certificate to the controller. Have you taken a look at the below yet? Do you have a CSR and a certificate generated or a certificate already with the private key combined in it?

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-does-dot1x-termination-work/ta-p/178566

 

 


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Guru Elite

Re: AAA FastConnect problem (802.1x with NPS, termination on the controller)


SkiP wrote:

Hi,

 

I have a configured lab test environment, which contains an Aruba 7x00 Controller, a couple of APs, and a Windows based RADIUS (NPS) server.

 

Everything works fine, users can authenticate, till I enabled the termination on the controller. Do I need to install any certificate on it to make it works? (tried install the server cert used for connect on the clients, but got error message: Error Uploading Certificate: Cert missing private key and failed to find a key generated from a CSR request in the system to match it)

 

NPS configuration:

NPS Networks PoliciesNPS Networks PoliciesNPS Connection Request PoliciesNPS Connection Request Policies

User access before Termination enabled (works):

nps4.JPG

Denyed access after Termination enabled:

nps3.JPG

 

As I see users try to connect by EAP-PEAP and MSChapv2, and that was enabled in the network policy, but correct me!

 

(Controller configuraton attached.)


If you have authentication working with your radius server, turning on Termination (AAA Fastconnect) does not add anything.  Termination is a workaround for users who cannot get a certificate on their radius server or are forced to authenticate to LDAP.  Authenticating to a radius server with Termination enabled would require you to upload a server certificate to your controller which is more work, for the same authentication you already have working...



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: