Frequent Contributor I
Posts: 178
Registered: ‎05-18-2011

IAP 105 Authentication (Captive Portal & 802.1x)

For IAP authentication with captive portal or 802.1x, which method should I choose on the Microsoft RADIUS server? I have attached a screen capture. My customer currently uses Windows 2008 Server. I tried selecting multiple methods, but login fails. I'm sure that the IAP VC (virtual controller) is able to communicate with the Microsoft RADIUS server, because there is no error message about a failure to communicate with the Microsoft RADIUS server.

What I know is that for captive portal authentication on the Microsoft RADIUS server I have to choose PAP or SPAP, right?

Please advise.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: IAP 105 Authentication (Captive Portal & 802.1x)

Start by reading some info here:

http://www.arubanetworks.com/techdocs/InstantMobile/Advanced/Content/External%20RADIUS%20Server.htm

In the RADIUS server setup, be sure to put the "NAS IP Address" as the VC IP address, and in the Advanced tab enable "Dynamic RADIUS Proxy".

This link will assist you on the RADIUS side:

Step-by-Step: How to Configure Microsoft NPS 2008 Radius Server from Scratch

http://community.arubanetworks.com/aruba/attachments/aruba/115/6113/1/Using+Microsoft+Windows+2008+Server+With+Aruba.pdf

More info:

http://community.arubanetworks.com/t5/ArubaOS-and-Mobility-Controllers/Aruba-and-Windows-2008-NPS-issue/m-p/34609/highlight/true#M3312

More info (with YouTube videos and examples in front of ClearPass):

http://community.arubanetworks.com/t5/Read-Only-Archive-Airheads/How-to-authenticate-on-IAP-using-external-captive-portal-and/td-p/87032

*****************2Plus Wireless Solutions****************************
Aruba Airheads - Powered By community for empower the community
************ Don't Forget to Kudos + me,If i helped you******************
Frequent Contributor I
Posts: 178
Registered: ‎05-18-2011

Re: IAP 105 Authentication (Captive Portal & 802.1x)

I did try choosing EAP-MSCHAP v2 on the Windows RADIUS server for 802.1x authentication, but it fails to authenticate.

Please advise.

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: IAP 105 Authentication (Captive Portal & 802.1x)

Can you screenshot or copy-paste the failure (security log) on the RADIUS side, please?

MVP
Posts: 1,413
Registered: ‎11-30-2011

Re: IAP 105 Authentication (Captive Portal & 802.1x)

Did you follow the steps in the first document kdisc98 pointed to?

Trying to build NPS policies (you need both a good Connection Request Policy and Network Policy) from scratch is tricky; better to go through the wizard. Once the basics work you can continue to strip things you don't want, but the wizard should give you something that works.

If it still fails, it is indeed time to head for the Windows Event Viewer and look for NPS events in the security section; these should be able to point you to the problem.

Frequent Contributor I
Posts: 178
Registered: ‎05-18-2011

Re: IAP 105 Authentication (Captive Portal & 802.1x)

Hi kdisc98,

Below is the error message from the NPS server:

"A Radius messages was received from the invalid radius client IP address 10.64.108.125."

10.64.108.125 is the IP address of the physical Aruba IAP 105. The VC IP address is 10.64.108.130.

On the NPS server I have already added 10.64.108.130 as a RADIUS client.

Please advise.
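
A check for the mismatch reported in the post above (an added example, not part of the original thread): it pulls the rejected source addresses out of NPS event text and compares them with the RADIUS clients defined on the server. The function names and sample event lines are constructed for illustration; the two IP addresses are the ones given in the post.

```python
import ipaddress
import re
from collections import Counter

# NPS event text as quoted in the post; wording and case vary, so match loosely.
INVALID_CLIENT = re.compile(
    r"from the invalid radius client ip address\s+(\d{1,3}(?:\.\d{1,3}){3})",
    re.IGNORECASE,
)

def rejected_sources(event_lines):
    """Count source IPs that NPS rejected as unknown RADIUS clients."""
    hits = Counter()
    for line in event_lines:
        m = INVALID_CLIENT.search(line)
        if not m:
            continue
        try:
            hits[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            continue  # not a valid IPv4 address, ignore the line
    return hits

def diagnose(event_lines, radius_clients, vc_ip):
    """Compare rejected source IPs with the RADIUS clients defined on NPS."""
    nets = [ipaddress.ip_network(c, strict=False) for c in radius_clients]
    vc = ipaddress.ip_address(vc_ip)
    vc_registered = any(vc in net for net in nets)
    unregistered = {
        ip: count
        for ip, count in rejected_sources(event_lines).items()
        if not any(ipaddress.ip_address(ip) in net for net in nets)
    }
    return {
        "vc_registered": vc_registered,
        "unregistered_sources": unregistered,
        # VC is a known client but requests arrive from other addresses:
        # RADIUS traffic is not being sourced from the VC IP.
        "requests_bypass_vc": vc_registered and bool(unregistered),
    }

# Constructed sample input, using the addresses given in the thread.
SAMPLE_EVENTS = [
    "A RADIUS message was received from the invalid RADIUS client IP address 10.64.108.125.",
    'A Radius messages was received from the invalid radius client IP address 10.64.108.125."',
    "Network Policy Server granted access to a user.",
]
RESULT = diagnose(SAMPLE_EVENTS, ["10.64.108.130"], "10.64.108.130")
```

When `requests_bypass_vc` is true, the requests are leaving from the AP's own address rather than the VC address that NPS knows, which is the situation the "Dynamic RADIUS Proxy" setting mentioned earlier in the thread addresses.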

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: IAP 105 Authentication (Captive Portal & 802.1x)

It seems your RADIUS doesn't recognize the IAP. Did you configure it right, with NAS IP/ID as needed (on the RADIUS side)?

Frequent Contributor I
Posts: 178
Registered: ‎05-18-2011

Re: IAP 105 Authentication (Captive Portal & 802.1x)

I only specified "NAS Port Type : Wireless IEEE 802.11 OR Wireless - Other" under "Network Policies".

I did add the 10.64.108.130 IP address under "RADIUS Client" and "Connection Request Policies".

MVP
Posts: 1,408
Registered: ‎05-28-2008

Re: IAP 105 Authentication (Captive Portal & 802.1x)

I'm on my way to one of my clients right now (Waze - Google).

If you would like, later on I will land at my office lab, and I will be able to help via TeamViewer/Ammyy/LogMeIn/RDP or whatever you would like. I will take a look with you at all the configuration and try to assist you.

My Skype is: asa_2plus.

For the meantime.

Have a great day.

Me

Frequent Contributor I
Posts: 178
Registered: ‎05-18-2011

Re: IAP 105 Authentication (Captive Portal & 802.1x)

OK, can, thanks. Roughly how many minutes do I need to wait? I'm at the client site now troubleshooting this problem. I think they are going back in about 45 minutes from now.

My Skype ID: jordontin
