Cloud Managed Networks

last person joined: 2 days ago 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Back to discussions
Expand all | Collapse all

EAP-TLS configuration with Aruba Central

This thread has been viewed 13 times

  • 1.  EAP-TLS configuration with Aruba Central

    Posted Jun 17, 2020 02:26 PM

    I'm hoping to configure EAP-TLS on Aruba Central. I'll be deploying client certs from a Microsoft certificate server, but I'm liking for the best way to implement RADIUS. I assume that if I use the internal radius, I won't be able to use CRL or OCSP to check for revoked certs, is this correct? I haven't seen anywhere to configure OCSP in the interface.



  • 2.  RE: EAP-TLS configuration with Aruba Central

    MVP EXPERT
    Posted Jun 17, 2020 03:24 PM

    Which RADIUS/EAP server are you using? Aruba Central does not provide non-visitor authentication services.



  • 3.  RE: EAP-TLS configuration with Aruba Central

    Posted Jun 22, 2020 02:41 PM

    I was referring to this document:

     

    https://help.central.arubanetworks.com/2.5.1/documentation/online_help/content/access-points/cfg/security/auth_servers.htm?Highlight=eap-tls

     

    This indicates I should be able to configure EAP_TLS with either an external or Internal RADIUS server. For internal, the virtual controller would need a server and CA cert.

     

    But there is no mention of OCSP or CRL checking using the Internal method.



  • 4.  RE: EAP-TLS configuration with Aruba Central

    MVP EXPERT
    Posted Jun 22, 2020 02:48 PM
    Local EAP termination should not be used in production.