Wireless Access

Reply

Connecting 3rd party wireless bridge to WLAN

Hey guys,

I need to set-up a wireless client bridge (HP 501) on my WLAN. It's working in workgroup bridge mode.

I can connect it to my network using a open SSID or PEAP but I can't have it working with EAP-TLS.


The product documentation is quite poor and doesn't explain well, i'm not sure if I need to install a client or a server certificate on it ?

Also there is 2 mandatory fields : one for username and one for password. 

 

Here's a screenshot from the documentation

 

2015-08-18 10_07_18-h10032.www1.hp.com_ctg_Manual_c04035155.png

 

I just completed a CSR and sent it to the CA, I don't really get the ''Identity'' field.

Any help would be appreciated :)

ACMP, ACCP, BCNE

Re: Connecting 3rd party wireless bridge to WLAN

You should need a client certificate sourced from the same PKI as your RADIUS server's cert so that it's trusted. Not sure about any identity field, that may be a question for HP-s supporth with the 501. I've never seen anyoe do TLS with the 501, only PEAP. 

Jerrod Howard
Sr. Techical Marketing Engineer

Re: Connecting 3rd party wireless bridge to WLAN


jhoward wrote:

You should need a client certificate sourced from the same PKI as your RADIUS server's cert so that it's trusted. Not sure about any identity field, that may be a question for HP-s supporth with the 501. I've never seen anyoe do TLS with the 501, only PEAP. 


Yes, I will open a ticket with HP to have more details !

 

I guess any 3rd party bridge is the same scenario ? maybe someone around the airheads community knows :)

ACMP, ACCP, BCNE
Occasional Contributor II

Re: Connecting 3rd party wireless bridge to WLAN

Did you ever get this worked out? We are seeing a similar issue even though the cert comes from the same PKI.

Re: Connecting 3rd party wireless bridge to WLAN


agriffin wrote:

Did you ever get this worked out? We are seeing a similar issue even though the cert comes from the same PKI.


Hi, yes, the problem was due to the identity field which wasn't accepting enough character even tho it appeared correctly in the GUI.

 

We had this resolved with engineering and help from our local SE in firmware version 1.0.1.1 : [ 182619 ] Increased the maximum allowable characters for the EAP-TLS Identify field

I would also highly suggest you to update to version 2.0.0.0 which just came out 2-3 weeks ago. It now supports using Aruba ARP optimization feature which is a good thing.

Cheers,

ACMP, ACCP, BCNE
New Contributor

Re: Connecting 3rd party wireless bridge to WLAN

Any chance you can elaborate on how you got this to work with EAP-TLS? I tried issuing an onboard certificate to it so that its signed by the radius server. Then I exported a .pem format and used the username as the "identity" field and the user password as the private key. In clearpass i keep getting EAP requests with an error saying EAP method unsupported. I know its no clearpass becuase i have EAP-TLS clients connected already. ANY help is appreciated.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: