Wireless Access

last person joined: 34 minutes ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

3200 controller OS update

Jump to Best Answer
  • 1.  3200 controller OS update

    Posted Jul 15, 2014 10:41 AM

    Hello all!

     

    My first time posting here. I would like to know if it worth/possible to upgrade my 3200 Controller from 6.1.3.9 to the latest 6.3.1.8?

    If so, where can I find the procedure for doing so?

    Also, having problems making an AP-105 into a Campus AP. I will make another thread for this one.

     

    Thanks


    #3200


  • 2.  RE: 3200 controller OS update
    Best Answer

    Posted Jul 15, 2014 10:42 AM
    You would need to purchase the extra memory kit to upgrade the controller before going to 6.3


  • 3.  RE: 3200 controller OS update

    Posted Jul 15, 2014 10:45 AM

    Would I gain much from upgrading?

     



  • 4.  RE: 3200 controller OS update

    Posted Jul 15, 2014 10:47 AM
    There are many new features, but some may not be available with the legacy 3200 controllers.


  • 5.  RE: 3200 controller OS update

    Posted Jul 15, 2014 10:49 AM

    6-3-controllersupport.PNG



  • 6.  RE: 3200 controller OS update

    Posted Jul 15, 2014 01:19 PM

    Don't make the leap from 6.1 to 6.3 in one go if its a production network and you need a seamless upgrade. I've seen some issues with the config once upgraded, so I'd recommend 6.1 > 6.2 > 6.3.



  • 7.  RE: 3200 controller OS update

    Posted Jul 15, 2014 01:22 PM

    Ok, good idea... but not sure if I realy need to upgrade yet.

    I am still having issues with my Windows 7 users when they are forced to change their password, it will not let them do it through wifi!

    I might be missing something else.



  • 8.  RE: 3200 controller OS update

    Posted Jul 15, 2014 01:23 PM
    Thats not a wireless issue that would be fixed by controller code. It takes some changes on your RADIUS server.


  • 9.  RE: 3200 controller OS update

    Posted Jul 15, 2014 01:26 PM

    Yeah, I need to get intimate with my RADIUS server.

    I read somewhere that I have to make one on a 2008 or newer server.

    Right now, I have a 2003 server which is probably why I'm having these problems.

     



  • 10.  RE: 3200 controller OS update

    Posted Jul 15, 2014 03:02 PM

    Tman,

     

    It should work on Windows 2003 server as well.

     



  • 11.  RE: 3200 controller OS update

    Posted Jul 16, 2014 08:46 AM

    Hmmm, realy?

    The installer tried to configure it last year, yes it has been that long and not working yet, that he said we needed a Windows 2008 domain controller for Windows 7/8 options (aka:to be able to change user passord when expired!)

    Should I start another thread for this? I would realy like to get this up and running...it is a pain in the a$$ right now!

     

    Thanks



  • 12.  RE: 3200 controller OS update

    Posted Jul 16, 2014 09:16 AM
    Your problem is not being able to change passwords on the desktop? Please explain the steps and what is not working. Can new users who have never logged into a laptop wirelessly, login?

    To get the full functionality and control of Windows 7 laptops outside of wireless you absolutely need a domain controller that is 2008 and greater for all of the group policy stuff. Your 2003 radius server, through machine authentication should allow your users to change passwords over wireless.


  • 13.  RE: 3200 controller OS update

    Posted Jul 16, 2014 11:13 AM

    cjoseph, no, a new user that hasn't yet authenticated on a wireless laptop cannot login.

    Neither can any user change his password when it has expired.

    I know that to have all gpo's related to Windows 7 that I must have a 2008 or greater DC server but always doubted that it was needed concerning passwords!

     



  • 14.  RE: 3200 controller OS update

    Posted Jul 16, 2014 11:21 AM
    Tman,

    The key to what you just said is allowing machine authentication to occur on your radius server. Your rule on IAS will frequently allow groups of users to authenticate, but it must also allow the domain computers group to authenticate, as well.


  • 15.  RE: 3200 controller OS update

    Posted Jul 16, 2014 11:46 AM

    Would you happen to have any screenshots as to where I would make this possible?

    I haven't played with IAS much, so any help would be appreciated.

    Thanks!



  • 16.  RE: 3200 controller OS update

    Posted Jul 16, 2014 11:53 AM

    http://community.arubanetworks.com/aruba/attachments/aruba/aaa-nac-guest-access-byod/1025/1/IAS+Config.pdf

     

    This is just a document to configure IAS from scratch.  To make changes to an existing environment, you should get someone who knows the impact on what you are doing currently to make the changes.



  • 17.  RE: 3200 controller OS update

    Posted Jul 16, 2014 12:15 PM

    I'll have a look.

    Thanks!



  • 18.  RE: 3200 controller OS update

    Posted Jul 16, 2014 01:58 PM

    Ok, well I can now authenticate new users that never logged in on a laptop... BUT... I am still unable to change the password if it is expired.

    All options in RADIUS are activated for a user to be able to change their pasword but still does not work.

     

    thanks!



  • 19.  RE: 3200 controller OS update

    Posted Jul 16, 2014 02:11 PM

    Tman,

     

    That is because with 802.1x unless you are authenticated successfully, your link is down....That means your laptop cannot contact the domain controller to change your password.

     



  • 20.  RE: 3200 controller OS update

    Posted Jul 16, 2014 02:25 PM

    So, in other words, it can't be done? Right?

     

    Our help desk will reset user passwords when they forget their passwords...and force the user to change their temp password by checking the box "user must change password".

    I guess this will have to change?

     

    Would you suggest I authenticate my users otherwise?



  • 21.  RE: 3200 controller OS update

    Posted Jul 16, 2014 02:41 PM

    So, I know that there was a time that changing your password over 802.1x did not work, and now it works.  It probably only works with NPS and beyond:  http://www.stevenjordan.net/2013/11/last-updated-november-15th-2013-by.html

     

    It was so long ago...

     



  • 22.  RE: 3200 controller OS update

    Posted Jul 16, 2014 02:56 PM

    So, this is why I need a 2008 server, right?

    My Windows 2003's RADIUS server doesn't have the capability to do it?

     



  • 23.  RE: 3200 controller OS update

    Posted Jul 16, 2014 02:58 PM

    I would check with MSFT ultimately, because it has been so long, but NPS does offer you that capability today.  Best to check with Microsoft and report back to us, just to be sure.  I would not want to suggest an upgrade if it will work with 2003.  It has been so long, that I cannot be sure.  Maybe someone on the list here could provide some context.



  • 24.  RE: 3200 controller OS update

    Posted Jul 16, 2014 03:55 PM

    Well...I do have a 2008 server that is now an DC.

    This is recent so I haven't enabled RADIUS on it, and it is in my "other" site that I can access via WAN (MPLS).

    I am still deploying it as it will be replacing an older DC (2003).

    I'll give it a try on my 2008 server.



  • 25.  RE: 3200 controller OS update

    Posted Jul 17, 2014 12:51 PM

    Ok...well, my 2008 Radius server is authenticating my wireless laptop by usename but not by machine name!

    FYI, I am not presently using certificates. Is this what I am missing? If so, does it have to be an Enterprise certificate as I do not have that access. Our forest is big and each region manage their own domain.

     

    Thanks!



  • 26.  RE: 3200 controller OS update

    Posted Jul 17, 2014 03:24 PM

    Tman,

     

    At minimum, your radius server needs a server certificate.

     

    Did you see the article here:  http://community.arubanetworks.com/t5/Community-Tribal-Knowledge-Base/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/ta-p/80672  ?



  • 27.  RE: 3200 controller OS update

    Posted Jul 18, 2014 07:59 AM

    Yes, I did see that .pdf but I thought the certificate was mostly for security.

    We eventualy will be using certificates. As I asked in my previous message, does it need to be an Enterprise certificate or can it be a standard one? All of my devices will be connecting on my managed domain only.

     

    Thanks

     

     



  • 28.  RE: 3200 controller OS update

    Posted Jul 18, 2014 08:06 AM

    For EAP-PEAP you only need a server-side certificate.  Most people do NOT use Client-Side certificates, which is EAP-TLS.

     

    If it is working, you have a certificate installed.

     

    If machine authentication is not working, you should check the rules on the NPS server.

     



  • 29.  RE: 3200 controller OS update

    Posted Jul 18, 2014 08:09 AM

    I haven't yet tried to use a certificate.

    I will configure one today and see if this make any changes!

    Thanks again



  • 30.  RE: 3200 controller OS update

    Posted Jul 18, 2014 09:13 AM

    Well, I installed the certificate but as I said it is not an "enterprise" certificate.

    Do I have to configure my wifi profile on the laptop to validate the certificate?

    I don't see the certificate I just created in the list of certificates available!

     

    PS... Can you show me a NPS screen shot of an authenticated wireless device?



  • 31.  RE: 3200 controller OS update

    Posted Jul 18, 2014 09:54 AM

    Tman,

     

    Please start a new thread so that others can follow your issue.

     

    Again, if client authentication is working to the 2008 NPS server, you already have a certificate and you don't have to do anything else.



  • 32.  RE: 3200 controller OS update

    Posted Jul 18, 2014 10:43 AM

    Ok, will do!

    Thanks for your help ;)