What are the important points to check for Cloud guest authentication related issues?
I am going to highlight few of the important points related to certificate mapping in cloud guest authenticaiton.
Configuration still need to be checked.
During cloud guest troubleshooting issue, please ensure the following :
- Certificate mapped under Security settings.
Captive portal cert on new accounts will be : aruba_default.
In case customer is using their own certificate for CP, then the mapping should point to their certificate.
We can run the following command on IAP:
IAP# show captive-portal-domains
Internal Captive Portal Domain:
External Captive Portal Domains:
The CP domain should be the CN of the certificate mapped under the security settings. There are cases in which customer are changing the setting & pointing it to default certs which causing issues with cloud guest Authentication.
2. RADSEC cert should not be changed & should be mapped as default. We have seen issues where the RADSEC certificate is changed to different one which causes the RADSEC connection to fail. So, IAP’s won’t be able to communicate with cloud guest servers.
3. There is a Common Name override present in splash page profile.
Please ensure that is not changed to a different CN. It should be same as CN of certificate mapped to Captive portal profile under Security settings.
In this case I am using aruba_default certificate, so the override is pointing to “securelogin.hpe.com”.