Wireless Access

last person joined: 7 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Aruba and Certificates

  • 1.  Aruba and Certificates

    Posted Nov 13, 2013 03:29 PM

    Can the Aruba controller or Clearpass manager (or guest) utilize user based certificates for authentication for smartphones (IOS, BB, Android)?



  • 2.  RE: Aruba and Certificates

    Posted Nov 13, 2013 03:39 PM
    Yes, both support EAP-TLS


  • 3.  RE: Aruba and Certificates

    Posted Nov 13, 2013 03:44 PM

    ok, how would I get the cert on the devices?



  • 4.  RE: Aruba and Certificates

    Posted Nov 13, 2013 03:57 PM

    For ClearPass, you would buy Onboarding licenses, which would assist in generating the certificates and pushing them to your mobile devices.



  • 5.  RE: Aruba and Certificates

    Posted Nov 13, 2013 04:08 PM

    would that remove users from having to enter creds in a captive portal?  we have an issue with our users domain accounts constantly locking out.. generally from their smart devices.. hardcoded passwords for the employee wifi, email, etc.... so less devices that have hard coded creds the better..



  • 6.  RE: Aruba and Certificates

    Posted Nov 13, 2013 04:11 PM

    Yes, it would relieve your users from having to type their credentials into a captive portal.  Once the devices are onboarded, they automatically connect to your 802.1X SSID using the certificate that was pushed to the device.

     

    They're technically the same product now.  Although, configuration of onboarding still requires going to the Guest area for configuration.  You can't do it all through one window.



  • 7.  RE: Aruba and Certificates

    Posted Nov 13, 2013 04:11 PM

    and would it be with Clearpass Manager or Guest?



  • 8.  RE: Aruba and Certificates

    Posted Nov 13, 2013 04:15 PM
    The ideal setup would be to use ClearPass Onboarding which would take care
    of the enrollment process for the users. Onboard is not included in the
    base license.

    The do-it-yourself version would be to stand up active directory
    certificates services and users can generate and install client
    certificates. The ClearPass can be configured to authenticate the user
    with their certificate.