Cloud Managed Networks

Hi,
I need to use an external cloud-based radius server for wireless user authentication. 

For IPAs (IPA303P controlled by Aruba central)  I am currently setting radius server parameters for SSIDs in Aruba Central


And for InstantOn AP22s as the following:

The above configuration looks to not be correct since user authentication doesn't work. Is there anyway to do this configuration once on the VPNC gateway (A7005) and redirect the radius traffic from APs to the radius server and back to APs? I think the traffic to the radius server is fine, but back to APs, I think it is not working.

------------------------------
Thank you!
------------------------------

IAPs and Instant ON are two different AP firmware.
This is how to configure CloudAuth for IAPs with Aruba Central.
https://help.central.arubanetworks.com/2.5.4/documentation/online_help/content/nms/access-points/cfg/networks/cfg-ca-wlan.htm

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Mar 16, 2022 12:39 AM
From: Esmail Ayobinia
Subject: IAP and instanOn WiFi user authentication through Aruba Central

Hi,
I need to use an external cloud-based radius server for wireless user authentication. 

For IPAs (IPA303P controlled by Aruba central)  I am currently setting radius server parameters for SSIDs in Aruba Central


And for InstantOn AP22s as the following:

The above configuration looks to not be correct since user authentication doesn't work. Is there anyway to do this configuration once on the VPNC gateway (A7005) and redirect the radius traffic from APs to the radius server and back to APs? I think the traffic to the radius server is fine, but back to APs, I think it is not working.

------------------------------
Thank you!
------------------------------

Please work with your radius provider. In most cases for RADIUS there needs to be a registration for the IP from where the client is authenticating (RADIUS client) which also binds to the shared secret, which in case of a NATted network may need to be the public IP that is used for NAT.

On the server side it's probably trivial to check if authentication requests are coming in, and if they have the right shared secret. If you have the skills and possibility to make a packet capture of the communication between the APs and the RADIUS server, you may be able to understand/find out what is going on. As this seems to be a cloud service, it's likely that they have a helpdesk or other support included that can help you to troubleshoot and get this working.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Mar 16, 2022 12:39 AM
From: Esmail Ayobinia
Subject: IAP and instanOn WiFi user authentication through Aruba Central

Hi,
I need to use an external cloud-based radius server for wireless user authentication. 

For IPAs (IPA303P controlled by Aruba central)  I am currently setting radius server parameters for SSIDs in Aruba Central


And for InstantOn AP22s as the following:

The above configuration looks to not be correct since user authentication doesn't work. Is there anyway to do this configuration once on the VPNC gateway (A7005) and redirect the radius traffic from APs to the radius server and back to APs? I think the traffic to the radius server is fine, but back to APs, I think it is not working.

------------------------------
Thank you!
------------------------------