Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Connecting 3rd party wireless bridge to WLAN

Jump to Best Answer
  • 1.  Connecting 3rd party wireless bridge to WLAN

    Posted Aug 18, 2015 10:16 AM

    Hey guys,

    I need to set-up a wireless client bridge (HP 501) on my WLAN. It's working in workgroup bridge mode.

    I can connect it to my network using a open SSID or PEAP but I can't have it working with EAP-TLS.


    The product documentation is quite poor and doesn't explain well, i'm not sure if I need to install a client or a server certificate on it ?

    Also there is 2 mandatory fields : one for username and one for password. 

     

    Here's a screenshot from the documentation

     

    2015-08-18 10_07_18-h10032.www1.hp.com_ctg_Manual_c04035155.png

     

    I just completed a CSR and sent it to the CA, I don't really get the ''Identity'' field.

    Any help would be appreciated :)



  • 2.  RE: Connecting 3rd party wireless bridge to WLAN

    Posted Aug 18, 2015 10:58 AM

    You should need a client certificate sourced from the same PKI as your RADIUS server's cert so that it's trusted. Not sure about any identity field, that may be a question for HP-s supporth with the 501. I've never seen anyoe do TLS with the 501, only PEAP. 



  • 3.  RE: Connecting 3rd party wireless bridge to WLAN

    Posted Aug 18, 2015 01:58 PM

    @jhoward wrote:

    You should need a client certificate sourced from the same PKI as your RADIUS server's cert so that it's trusted. Not sure about any identity field, that may be a question for HP-s supporth with the 501. I've never seen anyoe do TLS with the 501, only PEAP. 


    Yes, I will open a ticket with HP to have more details !

     

    I guess any 3rd party bridge is the same scenario ? maybe someone around the airheads community knows :)



  • 4.  RE: Connecting 3rd party wireless bridge to WLAN

    Posted Aug 01, 2017 11:29 AM

    Did you ever get this worked out? We are seeing a similar issue even though the cert comes from the same PKI.



  • 5.  RE: Connecting 3rd party wireless bridge to WLAN
    Best Answer

    Posted Aug 01, 2017 11:42 AM

    @agriffin wrote:

    Did you ever get this worked out? We are seeing a similar issue even though the cert comes from the same PKI.


    Hi, yes, the problem was due to the identity field which wasn't accepting enough character even tho it appeared correctly in the GUI.

     

    We had this resolved with engineering and help from our local SE in firmware version 1.0.1.1 : [ 182619 ] Increased the maximum allowable characters for the EAP-TLS Identify field

    I would also highly suggest you to update to version 2.0.0.0 which just came out 2-3 weeks ago. It now supports using Aruba ARP optimization feature which is a good thing.

    Cheers,



  • 6.  RE: Connecting 3rd party wireless bridge to WLAN

    Posted Sep 21, 2017 10:51 PM

    Any chance you can elaborate on how you got this to work with EAP-TLS? I tried issuing an onboard certificate to it so that its signed by the radius server. Then I exported a .pem format and used the username as the "identity" field and the user password as the private key. In clearpass i keep getting EAP requests with an error saying EAP method unsupported. I know its no clearpass becuase i have EAP-TLS clients connected already. ANY help is appreciated.



  • 7.  RE: Connecting 3rd party wireless bridge to WLAN

    Posted Sep 24, 2017 09:49 PM
    Sorry I can't see the full post at the moment as I'm vacationing down under, but I suspect the issue is your pem - does it have the private key, user cert and root cert all in the file? Also, the user password doesn't go in the private key field. When you export the cert including the private key, it should ask you to create a password at the time of export - that's what should go there.

    Hopefully this helps!
    Al


  • 8.  RE: Connecting 3rd party wireless bridge to WLAN

    Posted Sep 27, 2017 10:33 AM

    @Ctristan wrote:

    Any chance you can elaborate on how you got this to work with EAP-TLS? I tried issuing an onboard certificate to it so that its signed by the radius server. Then I exported a .pem format and used the username as the "identity" field and the user password as the private key. In clearpass i keep getting EAP requests with an error saying EAP method unsupported. I know its no clearpass becuase i have EAP-TLS clients connected already. ANY help is appreciated.


    If you can post more details about logs and error you receive and also how you are setup maybe I can help :)

    As of me, I issued the bridge a standard Wi-Fi user certificate with a separate private key and then do the following openssl to concatenate them into a .pem

     

    $ openssl pkcs12 -export -in hostname.crt -inkey hsotname.key -out hostname.p12
    $ openssl pkcs12 -in hostname.p12 -nodes -out hostname.pem

     Then you add a password to it and import it to the bridge with the previously typed password.

     

    Make sure also the root is trusted in the RADIUS server.

     

    Thanks,



  • 9.  RE: Connecting 3rd party wireless bridge to WLAN

    Posted Oct 09, 2017 03:17 PM

    Hello,

    I still have the issue. I exported a cert from clearpass and checked the box "include cert chain" I then imported the cert and pkey. The format is comeo out as is a .pem. I upload it into the bridge and use the account username as the identity and the password i used to export the cert.

     

    Everything seems okay but within clearpass I see a error in the request stating "Type-EAP" & Client does not support configured EAP methods. I am sure I am selecting EAP TLS and the certificate is uploaded.