Cloud Managed Networks

 View Only
last person joined: 2 days ago 

Forum to discuss all things Aruba Central and UXI Network Management, this includes Aruba Central managed networks, Central configuration, best practices, Central APIs, Cloud Guest, AIOps, Presence Analytics and Other Central Applications
Expand all | Collapse all

IAP and instanOn WiFi user authentication through Aruba Central

This thread has been viewed 14 times
  • 1.  IAP and instanOn WiFi user authentication through Aruba Central

    Posted Mar 16, 2022 12:40 AM
    Hi,
    I need to use an external cloud-based radius server for wireless user authentication. 

    For IPAs (IPA303P controlled by Aruba central)  I am currently setting radius server parameters for SSIDs in Aruba Central


    And for InstantOn AP22s as the following:

    The above configuration looks to not be correct since user authentication doesn't work. Is there anyway to do this configuration once on the VPNC gateway (A7005) and redirect the radius traffic from APs to the radius server and back to APs? I think the traffic to the radius server is fine, but back to APs, I think it is not working.

    ------------------------------
    Thank you!
    ------------------------------


  • 2.  RE: IAP and instanOn WiFi user authentication through Aruba Central

    EMPLOYEE
    Posted Mar 31, 2022 06:51 PM
    IAPs and Instant ON are two different AP firmware.
    This is how to configure CloudAuth for IAPs with Aruba Central.
    https://help.central.arubanetworks.com/2.5.4/documentation/online_help/content/nms/access-points/cfg/networks/cfg-ca-wlan.htm

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 3.  RE: IAP and instanOn WiFi user authentication through Aruba Central

    EMPLOYEE
    Posted May 03, 2022 11:16 AM
    Please work with your radius provider. In most cases for RADIUS there needs to be a registration for the IP from where the client is authenticating (RADIUS client) which also binds to the shared secret, which in case of a NATted network may need to be the public IP that is used for NAT.

    On the server side it's probably trivial to check if authentication requests are coming in, and if they have the right shared secret. If you have the skills and possibility to make a packet capture of the communication between the APs and the RADIUS server, you may be able to understand/find out what is going on. As this seems to be a cloud service, it's likely that they have a helpdesk or other support included that can help you to troubleshoot and get this working.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------