Wireless Access

 View Only
last person joined: 15 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Aruba Central - Cloud Guest with 802.1x

This thread has been viewed 9 times
  • 1.  Aruba Central - Cloud Guest with 802.1x

    Posted Aug 12, 2022 12:47 PM
    Hi people

    Two years ago i deployed a SSID Guest for employees with captive portal and 802.1x . All this configuration was executed in a Clearpass on premise (portal + 802.1x).
    Now, i wish to do the same from Aruba Central and using the captive portal provided by Central (Cloud Guest) and using the Clearpass on premise as Radius Server, but i don't know if this is possible.

    When i configure the SSID i choose "cloud guest" and i don't find how to associate the authentication against Clearpass Radius.

    My goal is offer to the employees a guest wireless secured. I don't want to setup a SSID with preshared-key because the employees share the password to the visitors..

    I set up a specific SSID with sponsor for the visitors..

    Any idea or suggestion about this?

    Thanks


  • 2.  RE: Aruba Central - Cloud Guest with 802.1x

    EMPLOYEE
    Posted Aug 13, 2022 09:54 AM
    I have not done what you're asking, but I have implemented 802.1x with RBAC.  I parsed the client cert look at the certificate authorities (we have multiples)  and other attributes to determine which vlan/ubt to setup the access role (in clearpass).   one can easily assign the guest role based on issuer CA.   in my case, I can setup to RBAC to assign client device with Intune CA to guest role but disallow others issuing CA (like contractor CA).  it would not be a standard guest role but a special role since mac auth is no longer in use.   Central is telling controller to spin-up  SSID, the magic is still in clearpass.


  • 3.  RE: Aruba Central - Cloud Guest with 802.1x

    EMPLOYEE
    Posted Aug 17, 2022 04:42 AM
    802.1X and Captive Portal on the same SSID is an uncommon situation. Also, I have seen in the past that Windows 10 sometimes does not detect the captive portal when connecting to an 802.1X SSID.

    With Cloud Guest, you have the captive Portal in Central and the authentication is as well linked to Central to make it easier to configure. And you can select open/Enhanced Open(OWE)/PSK for the connection security. 802.1X cannot be selected for a captive portal page as far as I know.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------