Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Cisco 8821 WVoIPs authenticating through CPPM 6.8.5

  • 1.  Cisco 8821 WVoIPs authenticating through CPPM 6.8.5

    Posted Jun 02, 2020 03:31 PM

    Equipment in question:

    CPPM 6.8.5 deployment

    Cisco 8821 WVoIP

    Aruba 7205 Mobility Controller

    Aruba 535 Access Point

    ___________________________

     

    My team and I are currently in the process of deploying a new site and in the process of transitioning from Cisco to Aruba organization wide. 

     

    We are unable to get the Cisco 8821 to connect via EAP-FAST through CPPM.

     

    Our current Cisco ISE environment has the 8821s authenticating against it using EAP-FAST.

     

    Using the same service policy in CPPM with an IOS device, we are able to connect, profile, and be assigned a COA on the same voice SSID.

     

    When attempting with a Cisco 8821, we are unable to connect. We suspect it may be a certificate issue, since we are using the stock manufacturer cert and root CA for the WVoIPs.

     

    When we import the manufacturer cert and root CA from ISE into CPPM for the Cisco 8821s, all profiling breaks on both wired and wireless... very interesting.

     

    When using PEAP-MSCHAPv2 on the WVoIP, it will authenticate and profile. We cannot change our 8821s' config since they are all in production, spread throughout a Cisco environment of 40+ healthcare sites.

     

    Results of WLAN PCAP:

    Probe

    Auth

    Assoc. Request

    Response, ID

    Encrypted handshake message

    Change Cipher Spec, Encrypted handshake method

    App data (x5)

    Disassoc.

    *Restart process*

     

    Do any Aruba customers out there currently have cross-pollinated environments with Cisco and Aruba? Do you also have 8821s in your environment going through CPPM? Any insight or thoughts would be awesome!!

     

    We have spent a bunch of time with TAC and Aruba SEs. We are looking, from a customer standpoint, at how this was deployed in your environments.
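
To tell which EAP method the phone and the server actually negotiate, and which TLS record types flow before the disassociation, each EAP payload in a capture can be decoded. The following is an added example, not part of the original post. It goes beyond the frame list above by also decoding an EAP Nak, and it assumes unfragmented EAP messages; the sample frames are constructed, not the poster's capture.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS",
             25: "PEAP", 43: "EAP-FAST"}
TLS_TUNNELED = {13, 21, 25, 43}  # EAP methods that carry TLS records
TLS_RECORDS = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake",
               23: "ApplicationData"}

def name(table, value):
    return table.get(value, f"unknown({value})")

def decode_eap(pkt: bytes) -> dict:
    """Decode one unfragmented EAP packet (the EAPOL payload)."""
    if len(pkt) < 4:
        raise ValueError("short EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 4 <= length <= len(pkt):
        raise ValueError("bad EAP length field")
    out = {"code": name(EAP_CODES, code), "id": ident, "method": None,
           "nak_wants": [], "records": []}
    if code not in (1, 2) or length < 5:  # Success/Failure carry no type
        return out
    etype = pkt[4]
    out["method"] = name(EAP_TYPES, etype)
    if etype == 3:  # Nak: the peer lists the methods it will accept
        out["nak_wants"] = [name(EAP_TYPES, t) for t in pkt[5:length]]
    elif etype in TLS_TUNNELED and length >= 6:
        flags = pkt[5]  # L=0x80 (length included), M=0x40, S=0x20
        off = 6 + (4 if flags & 0x80 else 0)  # skip TLS Message Length
        while off + 5 <= length:  # walk the TLS record headers
            ctype, _ver, rlen = struct.unpack("!BHH", pkt[off:off + 5])
            out["records"].append(name(TLS_RECORDS, ctype))
            off += 5 + rlen
    return out

def eap(code, ident, body=b""):  # helper for the constructed samples
    return struct.pack("!BBH", code, ident, 4 + len(body)) + body

def rec(ctype, n):  # TLS 1.2 record header plus n zero bytes of payload
    return struct.pack("!BHH", ctype, 0x0303, n) + bytes(n)

# Constructed frames for illustration, not taken from the poster's capture.
SAMPLES = [
    eap(1, 1, bytes([25, 0x20])),   # server offers PEAP (Start)
    eap(2, 1, bytes([3, 43])),      # client Naks, asks for EAP-FAST
    eap(2, 2, bytes([43, 0x01]) + rec(20, 1) + rec(22, 40)),
    eap(2, 3, bytes([43, 0x01]) + rec(23, 64)),
    eap(4, 3),                      # EAP-Failure
]
```

A Nak listing EAP-FAST in reply to a PEAP offer shows a method mismatch, while ApplicationData records followed by an EAP-Failure show that the outer TLS tunnel came up before the exchange ended.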