ArubaOS and Controllers

Occasional Contributor I

802.1x Authentication on Aruba Controller


I want to authenticate wireless users with Active Directory. Is there any way to configure Aruba Controler as a radius server or can i configure the user authentication without third party radius server ?

Aruba Employee

Re: 802.1x Authentication on Aruba Controller

If you would want to use the AD to authenticate wireless users, you will need a backend server. If you do not wish to use a 3rd party radius server, have the user entry available in the internal DB of the controller.

Also, need to enable termination on the controller (for dot1x).
Barath Srinivasan
Customer Engineering Architect
Customer Advocacy | Aruba Networks Inc.
Did something you read in the Community solve a problem for you? If so, click "Accept as Solution", in the bottom right hand corner of the post.
Occasional Contributor I

802.1x Authentication on Aruba Controller

Thanks for your reply

We do not have any internal user DB on controller. All the users are existing on Active Directory. In that case we need any IAS server for user authenticate. ? or if we will enable or configure 802.1x termination on controller so we need any third party radius server ?

Frequent Contributor II

Re: 802.1x Authentication on Aruba Controller

You will either need to put user in the internal DB of the controller or you can turn on IAS/NPS(radius) on your AD and point the controller to use radius.

It's easier to turn up NPS/IAS on AD if all of your user have credentials in AD already.
David Dipert
Occasional Contributor I


you can use eap-offload or termination : terminate 802.1x on the controller, so controller present the certificate, and after controller interoperate credential with your IAS/NPS in MS/CHAPv2.
Frequent Contributor I

Re: 802.1x Authentication on Aruba Controller


We have EAP-TLS implemented in our 3600 controller with termination using the controller. We installed certificates (CA and Aruba Controller) to the controller and certificates (CA and User cert.) to the client. All certificates came from thesame Certificate authority. We would like to add user authentication on top of what we have. We tried adding a username and password to our internal database and then added MSCHAPv2 as an inner termination. We were hoping that the EAP-TLS would authenticate, and them the MSCHAPv2 would kick in asking for the username and password. Unfortunately, it did not work. Is there a way to add user authentication to the aruba controller? We opened a case with TAC but we were told we need to purchase the firewall license. Any thoughts? Thanks.
Guru Elite

Re: 802.1x Authentication on Aruba Controller

they are correct. If you had the Policy Enforcement Firewall, it could put the user into a Captive Portal profile that would require authentication. Without PEF, you cannot layer authentication methods like that.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: