With EAP-TLS, how to check user certificate common name against AAA server?

Aruba Employee

Introduction : This article describes how to check that the Common Name (CN) in the certificate submitted by the user is valid with the AAA server when EAP termination is on the controller.


Feature Notes : This document was written and tested on AOS 6.4.0.


Environment : EAP-TLS authentication - Client has a certificate issued for it - EAP termination on the controller - CPPM as the RADIUS server.


Network Topology : [Image: network topology diagram]


Configuration Steps :


In the Dot1x profile, ensure that termination is enabled and EAP-TLS is selected. The server certificate and the CA certificate must be uploaded and mapped.

Ensure that the option "Check Certificate Common name against AAA server" is selected.




Enabling "check certificate common name against AAA server" will trigger a validation against the configured AAA server.
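
The same settings expressed as controller CLI configuration, as an added example that is not part of the original article. The profile name and both certificate names are placeholders, and the AAA profile using this Dot1x profile is assumed to already have a server group pointing at CPPM.

```text
! Added example: 802.1X profile with EAP-TLS terminated on the controller.
! "eap-tls-term" is a placeholder profile name.
aaa authentication dot1x "eap-tls-term"
   ! Terminate EAP on the controller instead of relaying it to RADIUS
   termination enable
   termination eap-type eap-tls
   ! Placeholder names: certificate the controller presents to clients,
   ! and the CA certificate used to validate client certificates
   server-cert "controller-server-cert"
   ca-cert "client-issuing-ca"
   ! CLI equivalent of "Check Certificate Common name against AAA server"
   cert-cn-lookup
!
```

With `cert-cn-lookup` left at its default (disabled), a client whose certificate chains to the mapped CA is accepted on the certificate alone, so an account removed from the AAA server can still connect until its certificate expires or is revoked.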

Verification :


In the auth-tracebuf output, one should be able to see that the controller is validating the user CN against the RADIUS server.



Troubleshooting :


We can check the authentication process in "show log security".


Version history
Revision #: 1 of 1
Last update: 11-10-2014 11:45 AM
Updated by: