sorry for late respond.
Thank you for the guide. I'll learn it.
Original Message:
Sent: Jan 11, 2024 01:23 AM
From: ariyap
Subject: 802.1x implementation
the test aaa server uses PAP and not really used for testing users.
Anyway, forwarding mode generally should be tunnel not bridge.
you can refer to this guide even though it uses ClearPass as the authentication server, it gives yo a good idea of the controller configuration.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jan 10, 2024 11:15 PM
From: pangestu_bram
Subject: 802.1x implementation
Dear Ariyap,
Thank you for your response.
I would like to informed that i got "authentication failed" result when test AAA server from Aruba controller.
May i know what make it successful? Whether it is related with some variables between Aruba controller & Windows NPS?
Below is my configuration
interface gigabitethernet 0/0/14 description "GE0/0/14" trusted trusted vlan 1048,1050,1052,1056 no poe lacp group 0 mode active lldp transmit lldp receive!interface gigabitethernet 0/0/15 description "GE0/0/15" trusted trusted vlan 1048,1050,1052,1056 no poe lacp group 0 mode active lldp transmit lldp receive!interface port-channel 0 description "LACP-to-ACC-SW" trusted trusted vlan 1048,1050,1052,1056,1058 switchport mode trunk switchport trunk allowed vlan 1048,1050,1052,1056,1058!aaa authentication dot1x "TEST-AUTH_dot1_aut"!aaa authentication-server radius "NPS-RADIUS" host "ip_address" key f6c0b6dda66983d6cc30988ff2d520c57ab0f95565411f66!aaa server-group "TEST-AUTH_dot1_svg" auth-server NPS-RADIUS position 1!aaa profile "TEST-AUTH_aaa_prof" initial-role "authenticated" authentication-dot1x "TEST-AUTH_dot1_aut" dot1x-server-group "TEST-AUTH_dot1_svg"!wlan ssid-profile "TEST-AUTH_ssid_prof" essid "TEST-AUTH" opmode wpa2-aes!wlan virtual-ap "TEST-AUTH" aaa-profile "TEST-AUTH_aaa_prof" vlan 1058 forward-mode bridge ssid-profile "TEST-AUTH_ssid_prof"!
Original Message:
Sent: Jan 10, 2024 05:07 PM
From: ariyap
Subject: 802.1x implementation
is the EAP-TLS authentication successful?
after a successful authentication, in the client in the correct VLAN that has DHCP scope?
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jan 09, 2024 07:59 AM
From: pangestu_bram
Subject: 802.1x implementation
Greetings,
We are currently trying to implement 802.1x authentication with Windows Active Directory. On AD server, we already install Windows NPS and set it up, create Certificate and stuff. But when we try to connect to SSID designated with 802.1x; couldn't get IP address.
Kindly need your suggestion/direction.
Our environments are:
- Aruba 7010 standalone wireless controller
- 16 units of Aruba 305 Access Point
- DHCP server is configured on core switch.
- Windows Server 2019 with AD & NPS roles
Best Regards,
Bram