I've recently moved to using Windows NPS as opposed to a different third party RADIUS server and wanted to ask if there are any evident configurations issues from what I present below.
I ask because I've had inconsistent results in my monitoring of Airwave client statuses and authentication issues.
Maybe I'm just misunderstanding when and where the attributes get passed or overwritten.
My basic mentality for the schema was:
Connection Request Policies:
*** Guest Role ACL: Allow DHCP, DNS, ICMP, HTTP/S
*** ComputerAuth Role ACL: Allow DHCP, DNS, ICMP, HTTP/S, Domain Controller Communications
*** Staff Role ACL: Allow all IPV4, IPV6
Aruba AAA & 802.1X Configuration:
Company SSID Profile:
Initial Role: guest
MAC Auth Default Role: ComputerAuth [ Not using MAC Auth ]
802.1X Auth Default Role: guest
Max Auth Failures: 0
Enforce Machine Auth (Yes)
Machine Auth Default Machine Role: Computer-Auth
Machine Auth: Default User Role: guest
Load Balance (Yes)
I'm seeing different devices fail, or get stuck in odd roles in Airwave.
My process for testing and adjusting has been to make a change on the NPS side; Clear all authentication issue entries in Airwave, then start the NPS Services again to watch the results.
Any suggestions or observations are greatly appreciated, thanks.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.