Wireless Access

 View Only
last person joined: 14 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Expand all | Collapse all

Downloadable User Role - Wireless DUR setup

This thread has been viewed 54 times
  • 1.  Downloadable User Role - Wireless DUR setup

    Posted Feb 01, 2023 06:19 AM
    Hi All,

    I have referred a Aruba documentations , Airhead broadcasting youtube channels to setup a DUR in wireless by using Aruba central & CPPM components.

    For Wired - It is working fine, but still there is a limitation by setting up DUR via Aruba central like uploading certificates is difficult one and not able to upload it via central, still required CLI access. Even Multi Edit tool is not supporting this feature.

    For Wireless - Certificate is the main issue, By default it is downloading HTTPS(ECC) CA certificate instead of RSA CA certificate, ECC is disabled in CPPM.

    second point, If it is uploaded manually via central then there is no option to assign the certificate to application, its need to be done via AP CLI - this is drawback in Central config.

    third point, even assigning the certificate manually via AP CLI, still DUR is not working.

    anyone know did DUR via wireless by using CPPM? Need your assist to setup the same.


  • 2.  RE: Downloadable User Role - Wireless DUR setup

    MVP EXPERT
    Posted Feb 01, 2023 06:48 AM
    Certainly using DUR on wireless using cppm here , not central

    Sent from my iPhone




  • 3.  RE: Downloadable User Role - Wireless DUR setup

    Posted Feb 02, 2023 11:59 PM

    Hi Alexs
    You are right, DUR works via CPPM only.

    But query here is, How to setup SSID, certificates on AP's, Certificate assignment to AP's/SSID's via central.




  • 4.  RE: Downloadable User Role - Wireless DUR setup

    EMPLOYEE
    Posted Feb 01, 2023 09:38 AM
    Recommendation would be to not use the DUR functionality for wireless if you don't already have it working.  DUR isn't available once you move to AOS 10.

    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 5.  RE: Downloadable User Role - Wireless DUR setup

    Posted Feb 03, 2023 12:01 AM
    Hi,

    Thanks for your post!!

    DUR isn't available once you move to AOS 10 -  Really? any Aruba documentation is available for the same? I will refer and convey the same to my teams.

    I was working with TAC/ERT teams but still didn't get this update.


  • 6.  RE: Downloadable User Role - Wireless DUR setup

    Posted Feb 03, 2023 12:05 AM
    One more points is, I am still using AOS 8 architecture now.

    If it is not recommended to use DUR functionality for wireless then I am not sure why this feature is available.

    what about wired DUR functionality?



  • 7.  RE: Downloadable User Role - Wireless DUR setup

    EMPLOYEE
    Posted Feb 03, 2023 09:54 AM
    Usage of DUR in AOS 8 is supported and up to you if you want to use the feature.  My personal recommendation would be not to spend the effort to resolve whatever issue you are running into because at this point the feature is dead in AOS 10 so at some near future point you would be re-configuring with local roles.

    Wired DUR is fully supported in AOS-Switch and in AOS-CX on the switches that support DUR, I don't know of any changes happening there.

    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 8.  RE: Downloadable User Role - Wireless DUR setup

    MVP EXPERT
    Posted Feb 03, 2023 10:29 AM
    Would sort of hope that DURs appear in OS10 eventually, given all the functionality available in ClearPass to create the things over all Aruba platforms. Not using central yet but certainly have Madde use of DUR features own OS8 in a previous life. Idea of having a centralised place for creating and distributing role information makes sense to me … eg. Detecting when. A wired Airgroup device is plugged into a switch port and tunnelling it up to a controller instead of domino it manually

    A




  • 9.  RE: Downloadable User Role - Wireless DUR setup

    Posted Feb 07, 2023 12:33 AM
    I have tested the Wireless LUR which is working fine in AOS8 & 10 but DUR is not working in both versions.

    AOS8 components:-  Aruba Central, CPPM, CX-Switches & AP's - LUR is working, DUR is not working, Working with TAC for DUR part.

    AOS10 components:- Aruba Central, CPPM, CX-Switches & AP's LUR is working, DUR is not working, I will cross check whether we can find any docs for DUR won't be available now. I will check with TAC too.

    Thanks for your support!!!

    If you have more information then share here.



  • 10.  RE: Downloadable User Role - Wireless DUR setup

    EMPLOYEE
    Posted Feb 07, 2023 09:25 AM
    Check here for setup on CX and here an old one for Instant AP.

    What is important for downloadable user roles:
    - ClearPass server is referred to by FQDN (not by IP) in your switch/AP
    - FQDN needs to be resolvable by the switch/AP (DNS must work)
    - Root CA that issued the ClearPass HTTPS server certificate has to be added as 'trust-anchor' or 'trustedCA'

    The above should take care that the switch/AP can setup a HTTPS connection to ClearPass to download the roles.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 11.  RE: Downloadable User Role - Wireless DUR setup

    Posted Feb 08, 2023 12:24 AM
    Hi Herman,

    Thanks for the update!!!

    I am trying the same via Aruba central cloud to all IAP's but it seems some config options are not available to perform the same (DUR via wireless).

    As per TAC/ERT members everything is working locally (via IAP config), this is fine for single AP, what about 100+ AP's managed from Aruba central cloud. This is where I got stuck on it.

    Also one more discussion is on going in the above conversations that Wi-Fi DUR won't be available in AOS10. Is it? can you also confirm?



  • 12.  RE: Downloadable User Role - Wireless DUR setup

    EMPLOYEE
    Posted Feb 08, 2023 08:52 AM
    There may be options with template groups, or additional commands via API if the required configuration is unavailable in the Web based configuration groups. But as I don't know what part of the configuration cannot be done, I would not really know. You should be in good hands with TAC.

    Note that especially when you have many APs managed from Central, it may be even easier to work with local roles and push those from Central, and just return that role name that is in the configuration instead of using downloadable roles from ClearPass.

    On AOS10, I have not tried as I just push my roles from central instead of using local roles, but if @chulcher mentions that downloadable roles are currently not yet supported in AOS10 at the moment, I don't have a reason to doubt that.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------