We have serveral remote locations which have a controller installed. The RADIUS servers are located at HQ office. We are running EAP-TLS on our PCs. When we had a WAN outage all clients drop off the network due to the lost connection to RADIUS. To try to fix this issue, I have enabled auth-Survivability on the controllers. What I have understand so far, is that auth-Survivability works will for PEAP. For EAP-TLS a certificate has to be installed on the controller to be used with auth-Survivability.
Our certificate chain is CA, intermidiate and client certificate.
Which certificate(s) should I use with auth.Survivability ?
Thanks for the replay.Is it possible to export the certificate with the chain from ClearPass ?
I have now uploaded the certificate on the controller and added it to auth-survivalibility.
I have not yet tested that it really works. Am I right that a client can reauthenticate as long hi has a record in the auth-survivaliblity-cache ?
We also have a lot of AP clusters were auth-survivaliblity is activated. Should I upload the ClearPass certicicate as an auth server certificate on the master AP ?
Yes, auth-survivability works for clients who authenticated prior to the loss of connectivity to the RADIUS server.
Do you know anything about my last question ?
I have run a test today on a EAP-TLS client. The client was not able to reconnect. I have checked that the client was cached on the controller.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.