How to enable Dot1x authentication on Aruba controller for CPPM
This article explains:
i) Adding the Aruba controller as a NAD device.
ii) Integrating the Aruba controller with CPPM to perform Dot1x authentication.
iii) Configuring a service on CPPM to handle this request.
Environment: This article is written for CPPM 6.2.0 and greater.
Below are the detailed steps.
1: Adding Aruba Controller as NAD device on CPPM.
Navigate to Configuration > Network > Devices
Click Add Device
Add the device as shown below.
Make sure that the same RADIUS shared secret is configured on the controller as well.
2: Integrate Aruba Controller with CPPM to perform Dot1x.
-> Add a server group on the Controller
Navigate to Security > Authentication > Servers
Add a new RADIUS server.
Enter the IP of the CPPM or a generic name to identify the CPPM server and click "Add".
After adding, the CPPM server will show in the list.
Click on the entry and modify the below.
Make sure that the Host field has the IP/host name of the CPPM and that the Key is the same as the RADIUS shared secret from step 1.
-> Map this server to a server group.
Create a new Server group and add the entry of CPPM to it.
Once we click "Add Server", the CPPM will be mapped to this group.
-> Create a new AAA profile.
Navigate to Security > Authentication > Profiles
and add a new AAA profile and click on the name.
We can set the initial and authenticated roles based on our requirements.
Map this AAA profile to
i) The radius server group which we have added earlier
ii) Authentication profile for Dot1x, we can create new one by using the drop down menu.
Click New and create a new auth profile.
We can customize these options based on our requirements.
-> Create a Dot1X SSID profile.
Navigate to Configuration > AP Group > Edit "Your_AP_Group"
and add a new Virtual AP profile.
Make sure that the VLAN is mapped properly.
Map this VAP to the AAA profile which we added and to the SSID profile.
We can create a new SSID profile as below.
Give a name to the SSID profile and SSID name and map this to the VAP profile.
Save the Configuration.
3: Create Dot1x service on the CPPM.
Browse to Configuration » Services
and click on "Add New Service".
Use the default "Aruba 802.1X Wireless" service template.
Make sure that the SSID name is correctly mapped in the last Rule. The name is case sensitive.
Click next and add the below details.
We can have multiple authentication sources based on our requirements. Click Next.
Configuring Roles is not necessary in this default setup and we can leave it blank.
We can use the "Allow All Access Policy" on the Enforcement tab. However, we can customize it based on our requirements.
Hit Save and exit. Connect a client and verify.
We should see the Accept messages in the Access Tracker.
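Steps 1 and 2 both require the controller and CPPM to hold the same RADIUS shared secret. The following is an added example (not part of the original article or of any Aruba tooling) showing why: per RFC 3579, an Access-Request that carries EAP includes a Message-Authenticator attribute keyed with that secret, and the server checks it before processing the EAP payload. The secret and user name are constructed sample values.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME, ATTR_EAP_MESSAGE, ATTR_MESSAGE_AUTHENTICATOR = 1, 79, 80


def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value (RFC 2865)."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(secret: bytes, identity: bytes, pkt_id: int = 1) -> bytes:
    """What the NAD (controller) sends: EAP-Response/Identity in an Access-Request."""
    # EAP header: Code=2 (Response), Identifier, Length, Type=1 (Identity)
    eap = struct.pack("!BBHB", 2, pkt_id, 5 + len(identity), 1) + identity
    attrs = attr(ATTR_USER_NAME, identity) + attr(ATTR_EAP_MESSAGE, eap)
    # Message-Authenticator is zero-filled while the HMAC-MD5 is computed
    attrs += attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(attrs)) + os.urandom(16)
    packet = header + attrs
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac  # the attribute value is the last 16 bytes here


def verify_access_request(secret: bytes, packet: bytes) -> bool:
    """What the RADIUS server checks before it looks at the EAP payload."""
    code, _pkt_id, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return False
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            return False  # malformed attribute
        if a_type == ATTR_MESSAGE_AUTHENTICATOR and a_len == 18:
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(expected, packet[pos + 2:pos + 18])
        pos += a_len
    return False  # EAP request without a Message-Authenticator


if __name__ == "__main__":
    req = build_access_request(b"constructed-secret", b"alice")
    print("same key on both sides:", verify_access_request(b"constructed-secret", req))
    print("typo in controller key:", verify_access_request(b"Constructed-secret", req))
```

RFC 3579 requires the server to silently discard a request that fails this check, so a key mismatch tends to surface as a timeout on the controller rather than as a Reject.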