Wireless Access

last person joined: yesterday 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

VIA - Authenticating With Certs

This thread has been viewed 2 times

  • 1.  VIA - Authenticating With Certs

    Posted Dec 04, 2014 05:26 PM

    Curious if anyone has had issues getting VIA to authenticate with certs.  For some background, I have a new 7005 controller for testing that I've configured with an IKE Server Cert, as well as a CA Cert.  My VIA connection profile is configured for IKEv2/EAP-TLS.  My laptop that I'm testing with is a company-issued laptop with a cert received from our CA, which I want to use as the authentication piece.  After several calls to TAC and every configuration change possible I still cannot get this to work.  

    Has anyone implemented VIA with certs before, and if so, how did you accomplish the authentication piece?  We'd actually like to do 2-factor authentication with certs and AD creds, but just trying to get certs going first.  The end game is to have company-issued laptop be the only devices to get on VIA in our environment. No personal laptops or home devices. Each device in our environment has its own machine cert.  

    Thanks!



  • 2.  RE: VIA - Authenticating With Certs

    Posted Dec 05, 2014 09:41 AM

    Hi,

     

    It is obsolutely possible to enable IKE 2 -Cert and wit hWindows credential as VIA auth credentials.

     

    Attached are the snapshots those can be help full to you, if not please feel free to cone for the solution,

     

    Cheers,

    Venu Puduchery



  • 3.  RE: VIA - Authenticating With Certs

    EMPLOYEE
    Posted Dec 05, 2014 11:39 AM
    @Ryan.brennan wrote:

    Curious if anyone has had issues getting VIA to authenticate with certs.  For some background, I have a new 7005 controller for testing that I've configured with an IKE Server Cert, as well as a CA Cert.  My VIA connection profile is configured for IKEv2/EAP-TLS.  My laptop that I'm testing with is a company-issued laptop with a cert received from our CA, which I want to use as the authentication piece.  After several calls to TAC and every configuration change possible I still cannot get this to work.  

    Has anyone implemented VIA with certs before, and if so, how did you accomplish the authentication piece?  We'd actually like to do 2-factor authentication with certs and AD creds, but just trying to get certs going first.  The end game is to have company-issued laptop be the only devices to get on VIA in our environment. No personal laptops or home devices. Each device in our environment has its own machine cert.  

    Thanks!

    ryan.brennan,

     

    Please be more specific.  Where does it fail?  Do you have any error messages?  Are you saying that you cannot get it working with simply he eap-tls certs?