802.1x supplicant support for IAP
Aruba Instant Access Points (IAPs) should complete 802.1X authentication before they send or receive any other traffic.
Starting with 188.8.131.52, IAP supports AP uplink dot1x. When an IAP boots up, it performs 802.1X authentication before initiating DHCP.
To enable 802.1X supplicant support, configure 802.1X authentication parameters on every IAP using the Instant UI.
To use PEAP protocol based 802.1X authentication method, complete the following steps:
a. In the Access Points tab, click the IAP on which you want to set the variables for 802.1X authentication, and then click the edit link.
b. In the Edit Access Point window, click the Uplink tab.
c. Under PEAP user, enter user name, password, and retype the password for confirmation. The IAP user name and password are stored in IAP flash. The default inner authentication protocol for PEAP is MSCHAPV2.
To upload server certificates to validate the authentication server credentials, complete the following steps:
a. Click Upload New Certificate.
b. Specify the URL from where you want to upload the certificates and select the type of certificate.
c. Click Upload certificate.
To configure 802.1X authentication on uplink ports of an IAP, complete the following steps:
a. Click System > Show advanced options > Uplink.
b. Click AP1X.
c. Select PEAP or TLS as an authentication type.
d. If you want to validate the server credentials using a server certificate, select the Validate Server check box. Ensure that the server certificates for validating server credentials are uploaded to the IAP database.
e. Click OK.
After completing the configuration above, reboot the AP for 802.1X to take effect.
show ap1x config --> To verify configuration
Instant# show ap1x config
#generated by rcS.fatap
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
eapol_version=1
fast_reauth=1
show ap1x status --> To check the current status
Instant# show ap1x status
ap1x:tls with validating server
ap1x auth result:succeed
show ap1x debug-logs --> Logs during the AP bootup
Instant# show ap1x debug-logs
1970-01-01 00:00:32:apdot1x authentication type is peap
1970-01-01 00:00:32:trigger wpa_supplicant with configure file…
show ap1xcert --> Displays current CA and Client certificate
Instant# show ap1xcert
Current ap1x CA Certificate:
Version :3
Serial Number :AB:C1:1E:06:77:69:20:4F
Issuer :/C=CN/ST=Beijing/O=Aruba Networks/O=an HP company/OU=Aruba Instant/CN=Feng Ding
Subject :/C=CN/ST=Beijing/O=Aruba Networks/O=an HP company/OU=Aruba Instant/CN=Feng Ding
Issued On :Jan 26 08:48:16 2016 GMT
Expires On :Jan 23 08:48:16 2026 GMT
Signed Using :SHA1-RSA
RSA Key size :2048 bits
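The verification outputs above can be checked automatically across many APs. The following is an added example, not part of the original article or of any Aruba tool: a Python function that reads saved "show ap1x status" and "show ap1xcert" text and reports APs that do not validate the server, have not authenticated, or hold a CA certificate near expiry. The function name, the 90-day threshold, and the assumption that the phrase "with validating server" is absent when Validate Server is unchecked are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample text taken from the outputs on this page; one field per line is assumed.
STATUS = "ap1x:tls with validating server\nap1x auth result:succeed"
CERT = """Current ap1x CA Certificate:
Expires On :Jan 23 08:48:16 2026 GMT
Signed Using :SHA1-RSA
RSA Key size :2048 bits"""


def audit_ap1x(status, cert, now, warn_days=90):
    """Return a list of findings for one AP's uplink 802.1X posture."""
    findings = []
    auth = re.search(r"ap1x:\s*(\w+)", status)
    if not auth:
        findings.append("ap1x not configured or status unreadable")
    elif "with validating server" not in status:
        # Assumption: the phrase is missing when Validate Server is unchecked.
        findings.append(f"{auth.group(1)}: server certificate is not validated")
    result = re.search(r"auth result:\s*(\w+)", status)
    if not result or result.group(1) != "succeed":
        findings.append("authentication has not succeeded")
    exp = re.search(r"Expires On\s*:\s*(\w{3}\s+\d+ [\d:]+ \d{4}) GMT", cert)
    if not exp:
        findings.append("no CA certificate expiry found")
    else:
        when = datetime.strptime(exp.group(1), "%b %d %H:%M:%S %Y")
        when = when.replace(tzinfo=timezone.utc)
        if when <= now:
            findings.append(f"CA certificate expired on {when:%Y-%m-%d}")
        elif when - now <= timedelta(days=warn_days):
            findings.append(f"CA certificate expires on {when:%Y-%m-%d}")
    sig = re.search(r"Signed Using\s*:\s*(\S+)", cert)
    if sig and re.match(r"(md5|sha1)\b", sig.group(1), re.I):
        findings.append(f"legacy signature algorithm {sig.group(1)}")
    key = re.search(r"RSA Key size\s*:\s*(\d+)", cert)
    if key and int(key.group(1)) < 2048:
        findings.append(f"RSA key of {key.group(1)} bits is below 2048")
    return findings


if __name__ == "__main__":
    for finding in audit_ap1x(STATUS, CERT, datetime.now(timezone.utc)):
        print(finding)
```

An empty list means the AP authenticated with server validation on and the certificate passed every check; the regular expressions also match the single-line form in which the outputs are sometimes pasted.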