Frequent Contributor II

Instant 802.1x Supplication

I am testing iAP 802.1x supplicant to authenticate the AP on an Ethernet interface that has been secured with 802.1x. It is straightforward for PEAP: I enable PEAP in the System settings, then configure the User/Pass in the AP settings, and it works fine.

EAP-TLS is a little more difficult. I was hoping that I could use the built-in TPM engine to generate and use a built-in User Private Key during the authentication. On the 215/225 model I am testing with, the only option is to use a User Cert. I believe this means I will need to use an external CA to generate a certificate for each individual AP and upload each cert to each AP.

Anyone have any tips? The CLI does show support for TPM (ap1x tls tpm) but there is no option in the GUI, which leads me to believe it is either not supported on this model or it is not a functional option yet.

Running 6.5.4 release

Frequent Contributor II

Re: Instant 802.1x Supplication

Thinking through this a little more... Generating a unique cert won't do any good. I need to generate or upload a Key. Not sure how to go about that.

Re: Instant 802.1x Supplication

TLS authentication with the TPM certificate, where you install the Aruba AP root CA into your ClearPass or other RADIUS server, is available in the controller version of ArubaOS 8.2. It might come to the Instant AP in the future given the message that is shown when you try to configure it via the CLI:

does not support tpm yet!

TLS with uploaded client certificates was implemented in earlier versions but seems to be unavailable on 6.5.4.

Your Aruba partner or Aruba SE can help you with requesting this feature or finding out if it is on the roadmap.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Frequent Contributor II

Re: Instant 802.1x Supplication

Thanks Herman!

We are an Aruba Partner and just wanted to be sure I wasn't missing something.

Thanks

Frequent Contributor II

Re: Instant 802.1x Supplication

We have been doing a lot of Wired 802.1x deployments lately and this would be helpful in such deployments. 
