Wireless Access

Reply
Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

RAP and machine authnetication

I am trialling RAP to use in "pop-up" type areas where we may have an ISP cabled connection or may just use the 4G dongle attached to the RAP.

 

We have 3 SSID's that we want to publish which work perfectly fine on Campus. The first 2 use 802.1x machine authentication in the 1st case. The other SSID is a captive portal. The CP works fine on the RAP when off campus. It seems the other 2 don't work when trying to machine authenticate. They will work on a non-domain machine where user credentials are used.

 

At this stage all traffic will go back to the controller so the forward mode for the VAP's is tunnel.

Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: RAP and machine authnetication

What does your RADIUS server show in the logs during an authentication attempt?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

Re: RAP and machine authnetication

It doesn't get as far the radius server. The symptoms shown from my home are machine trying to authenticate but not getting an address. It is stuck with a 169.258 address.

Guru Elite
Posts: 8,330
Registered: ‎09-08-2010

Re: RAP and machine authnetication

So the machine likely authenticated if it's attempting to DHCP.

 

Do you see it in the station-table when this is happening? (show station-table)

Did you enable a a user-debug and look at the auth-tracebuf?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

Re: RAP and machine authnetication

Thanks for your replies Tim.

 

I haven't actually had a chance to troubleshoot off campus. I was going to yesterday but got caught up with something else.

 

If you could tell me what I am looking for (what commands) I would be grateful.

 

I may get a chance this afternoon to troubleshoot.

Occasional Contributor II
Posts: 21
Registered: ‎08-14-2007

Re: RAP and machine authnetication

I had a short time to try again. I didn't get time to debug. The weird thing is that devices other than windows are happy. Having said that they are not trying to machine authenticate first.

 

My iPad was happy to connect with just my username and password. It recieved the correct address.

Search Airheads
Showing results for 
Search instead for 
Did you mean: