Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

User role not changing to authenticated after authed by NPS

  • 1.  User role not changing to authenticated after authed by NPS

    Posted 14 days ago

    I am in the process of deploying a new controller 7205 running ArubaOS 8.11.2.2 SSR. I have some test APs working and users can connect to the SSID but are not able to transmit or receive data.

    We use an MS NPS server to do authentication for MAC and user to determine who is allowed onto our network and to put the user into the right VLAN. This works fine for our wired infrastructure and currently works fine on our old controller running 6.something and our new controller at our other site.

    I can see the new SSID on my laptop, I can connect to it, RADIUS grants my connection and I get an IP address. I can see my client connected in the Aruba controller and I can see the IP I have been given, but my role is still showing as logon and not authenticated as it does on our other controllers.

    For the life of me I cannot work out what bit of config is missing to make this work.

    Any help is appreciated.

    Thanks

    Dave



  • 2.  RE: User role not changing to authenticated after authed by NPS

    EMPLOYEE
    Posted 14 days ago

    Do you have the PEFNG (Policy Enforcement License) installed?  If not, there is no concept of role differentiation.



    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    HPE Design and Deploy Guides: https://community.arubanetworks.com/support/migrated-knowledge-base?attachments=&communitykey=dcc83c62-1a3a-4dd8-94dc-92968ea6fff1&pageindex=0&pagesize=12&search=&sort=most_recent&viewtype=card
    ------------------------------



  • 3.  RE: User role not changing to authenticated after authed by NPS

    Posted 12 days ago

    Hi,

    Thanks for your reply.

    We have licences assigned to the new controller for AP, PEF, RF Protect and all three are enabled.

    Thanks




  • 4.  RE: User role not changing to authenticated after authed by NPS

    EMPLOYEE
    Posted 12 days ago

    Is the default dot1x role authenticated in the AAA profile?






  • 5.  RE: User role not changing to authenticated after authed by NPS

    Posted 12 days ago

    In default-dot1x, the MAC and 802.1X are both set to guest; however, we do not use that one, as we have one for our staff, and in that one the default roles for 802.1X and MAC auth are set to authenticated.

    Then under AAA for our staff profile, the 802.1X Auth profile is the one we have created in L2 Auth.

    Thanks




  • 6.  RE: User role not changing to authenticated after authed by NPS

    EMPLOYEE
    Posted 12 days ago

    show user-table will show you what AAA profile (the profile column) your WLAN is using.

    I would advise that you change the default dot1x role to "authenticated" in that profile for testing.  You should also do "AAA user delete IP <IP address of user>" while testing to delete that user from the user table.






  • 7.  RE: User role not changing to authenticated after authed by NPS

    Posted 12 days ago

    Thanks for the suggestions, I will not be able to run those commands till next weekend when I am on site and can put my test machine onto the new network.




  • 8.  RE: User role not changing to authenticated after authed by NPS

    Posted 7 days ago

    Thanks for your help, we have got this working, before I then broke the controller.

    On Authentication > Auth Servers > Auth_Staff_dot1_svg we did not have a server role. I had to create an attribute called role, as it was not in the list, with value-of and action to set role. As soon as I added that in, it all started to work.

    Thanks for your help.