Wireless Access

HELLO Airheads,
we are in the process of deploying a VIA solution to a version 8 standalone 7210 controller.
We're all licenced up and ready to go.
We have set up a VIA authentication profile, VIA connection profile etc.
In the VIA authentication profile we have the "client certificate authentication for VIA profile download" ticked,
because customer wants to use the USER certificate installed on the Windows 10 laptop to authenticate the user.
The Aruba controller sits behind a public address and we are NATting on ports 443, 4500 and 8085 to controller management address.
However when we initiate comms we get "download cancelled" with machine cert and "incorrect credentials" with user cert on the VIA
supplicant window.
I guess what i'd like to know is has anyone done this successfully i.e. used certs at this stage ?
cheers
Pete

------------------------------
Pete Elms
------------------------------

Pete,

Have not done this before, I didn't even know that option was there. If you can't make it work, please reach out to your Aruba Partner or Aruba Support.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Jun 10, 2021 11:16 AM
From: Pete Elms
Subject: VIA CONNECTION PROFILE DOWNLOAD ISSUE

HELLO Airheads,
we are in the process of deploying a VIA solution to a version 8 standalone 7210 controller.
We're all licenced up and ready to go.
We have set up a VIA authentication profile, VIA connection profile etc.
In the VIA authentication profile we have the "client certificate authentication for VIA profile download" ticked,
because customer wants to use the USER certificate installed on the Windows 10 laptop to authenticate the user.
The Aruba controller sits behind a public address and we are NATting on ports 443, 4500 and 8085 to controller management address.
However when we initiate comms we get "download cancelled" with machine cert and "incorrect credentials" with user cert on the VIA
supplicant window.
I guess what i'd like to know is has anyone done this successfully i.e. used certs at this stage ?
cheers
Pete

------------------------------
Pete Elms
------------------------------

hi Herman,
thanks for getting back.
I have opened up a TAC case for this am currently working.
While i have your attention.
Quick question?
I am trying to set up Clearpass with EAP-TLS but NO Active directory.
i just want to do the EAP-TLS on certificate trust.
Is this something you've done?
cheers
pete

------------------------------
Pete Elms
------------------------------

Original Message:
Sent: Jun 15, 2021 09:53 AM
From: Herman Robers
Subject: VIA CONNECTION PROFILE DOWNLOAD ISSUE

Pete,

Have not done this before, I didn't even know that option was there. If you can't make it work, please reach out to your Aruba Partner or Aruba Support.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jun 10, 2021 11:16 AM
From: Pete Elms
Subject: VIA CONNECTION PROFILE DOWNLOAD ISSUE

HELLO Airheads,
we are in the process of deploying a VIA solution to a version 8 standalone 7210 controller.
We're all licenced up and ready to go.
We have set up a VIA authentication profile, VIA connection profile etc.
In the VIA authentication profile we have the "client certificate authentication for VIA profile download" ticked,
because customer wants to use the USER certificate installed on the Windows 10 laptop to authenticate the user.
The Aruba controller sits behind a public address and we are NATting on ports 443, 4500 and 8085 to controller management address.
However when we initiate comms we get "download cancelled" with machine cert and "incorrect credentials" with user cert on the VIA
supplicant window.
I guess what i'd like to know is has anyone done this successfully i.e. used certs at this stage ?
cheers
Pete

------------------------------
Pete Elms
------------------------------

ClearPass  requires that you use the EAP-TLS  authentication method to authenticate certificate-based authentication and that you import the CA certificate into the ClearPass Trust list.  I would clone the default EAP-TLS authentication method and uncheck "authorization" for a vanilla test.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------

Original Message:
Sent: Jun 15, 2021 10:39 AM
From: Pete Elms
Subject: VIA CONNECTION PROFILE DOWNLOAD ISSUE

hi Herman,
thanks for getting back.
I have opened up a TAC case for this am currently working.
While i have your attention.
Quick question?
I am trying to set up Clearpass with EAP-TLS but NO Active directory.
i just want to do the EAP-TLS on certificate trust.
Is this something you've done?
cheers
pete

------------------------------
Pete Elms

Original Message:
Sent: Jun 15, 2021 09:53 AM
From: Herman Robers
Subject: VIA CONNECTION PROFILE DOWNLOAD ISSUE

Pete,

Have not done this before, I didn't even know that option was there. If you can't make it work, please reach out to your Aruba Partner or Aruba Support.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jun 10, 2021 11:16 AM
From: Pete Elms
Subject: VIA CONNECTION PROFILE DOWNLOAD ISSUE

HELLO Airheads,
we are in the process of deploying a VIA solution to a version 8 standalone 7210 controller.
We're all licenced up and ready to go.
We have set up a VIA authentication profile, VIA connection profile etc.
In the VIA authentication profile we have the "client certificate authentication for VIA profile download" ticked,
because customer wants to use the USER certificate installed on the Windows 10 laptop to authenticate the user.
The Aruba controller sits behind a public address and we are NATting on ports 443, 4500 and 8085 to controller management address.
However when we initiate comms we get "download cancelled" with machine cert and "incorrect credentials" with user cert on the VIA
supplicant window.
I guess what i'd like to know is has anyone done this successfully i.e. used certs at this stage ?
cheers
Pete

------------------------------
Pete Elms
------------------------------