12-01-2017 05:00 AM
I am testing iAP 802.1x supplicant to authenticate the AP on an ethernet interface that has been secured with 802.1x. It is straightforward for PEAP: I enable PEAP in the System settings then configure the User/Pass in the AP settings and it works fine.
EAP-TLS is a little more difficult. I was hoping that I could use the built-in TPM engine to generate and use a built-in User Private Key during the authentication. On the 215/225 model I am testing with, the only option is to use a User Cert. I believe this means I will need to use an external CA to generate a certificate for each individual AP and upload each cert to each AP.
Anyone have any tips? The CLI does show support for TPM (ap1x tls tpm) but no option in GUI, which leads me to believe it is either not supported on this model or it is not a functional option yet.
Running 6.5.4 release
12-04-2017 06:22 AM
TLS authentication with the TPM certificate, where you install the Aruba AP root CA into your ClearPass or other RADIUS server, is available in the controller version of ArubaOS 8.2. It might come to the Instant AP in the future given the message that is shown when you try to configure it via the CLI:
does not support tpm yet!
TLS with uploaded client certificates was implemented in earlier versions but seems to be unavailable on 6.5.4.
Your Aruba partner or Aruba SE can help you with requesting this feature or finding out if it is on the roadmap.
If you have urgent issues, please contact your Aruba partner or Aruba TAC.