Wireless Access

Reply
Occasional Contributor II

AAA FastConnect problem (802.1x with NPS, termination on the controller)

Hi,

 

I have a configured lab test environment, which contains an Aruba 7x00 Controller, a couple of APs, and a Windows based RADIUS (NPS) server.

 

Everything works fine, users can authenticate, till I enabled the termination on the controller. Do I need to install any certificate on it to make it works? (tried install the server cert used for connect on the clients, but got error message: Error Uploading Certificate: Cert missing private key and failed to find a key generated from a CSR request in the system to match it)

 

NPS configuration:

nps1.JPGNPS Networks Policiesnps2.JPGNPS Connection Request Policies

User access before Termination enabled (works):

nps4.JPG

Denyed access after Termination enabled:

nps3.JPG

 

As I see users try to connect by EAP-PEAP and MSChapv2, and that was enabled in the network policy, but correct me!

 

(Controller configuraton attached.)

Re: AAA FastConnect problem (802.1x with NPS, termination on the controller)

Hey, you will need to upload the certificate to the controller. Have you taken a look at the below yet? Do you have a CSR and a certificate generated or a certificate already with the private key combined in it?

 

http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-does-dot1x-termination-work/ta-p/178566

 

 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Guru Elite

Re: AAA FastConnect problem (802.1x with NPS, termination on the controller)


SkiP wrote:

Hi,

 

I have a configured lab test environment, which contains an Aruba 7x00 Controller, a couple of APs, and a Windows based RADIUS (NPS) server.

 

Everything works fine, users can authenticate, till I enabled the termination on the controller. Do I need to install any certificate on it to make it works? (tried install the server cert used for connect on the clients, but got error message: Error Uploading Certificate: Cert missing private key and failed to find a key generated from a CSR request in the system to match it)

 

NPS configuration:

nps1.JPGNPS Networks Policiesnps2.JPGNPS Connection Request Policies

User access before Termination enabled (works):

nps4.JPG

Denyed access after Termination enabled:

nps3.JPG

 

As I see users try to connect by EAP-PEAP and MSChapv2, and that was enabled in the network policy, but correct me!

 

(Controller configuraton attached.)


If you have authentication working with your radius server, turning on Termination (AAA Fastconnect) does not add anything.  Termination is a workaround for users who cannot get a certificate on their radius server or are forced to authenticate to LDAP.  Authenticating to a radius server with Termination enabled would require you to upload a server certificate to your controller which is more work, for the same authentication you already have working...


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: