Important points to check for Cloud guest authentication related issues

MVP Expert
MVP Expert
Q:

What are the important points to check for Cloud guest authentication related issues?



A:

I am going to highlight few of the important points related to certificate mapping in cloud guest authenticaiton.

Configuration still need to be checked.

 

During cloud guest troubleshooting issue, please ensure the following :

 

  1. Certificate mapped under Security settings.

 

Captive portal cert on new accounts will be : aruba_default.

 

In case customer is using their own certificate for CP, then the mapping should point to their certificate.

 

We can run the following command on IAP:

IAP# show captive-portal-domains

 
Internal Captive Portal Domain:
securelogin.hpe.com
 
External Captive Portal Domains:
asw1.cloudguest.central.arubanetworks.com

 

The CP domain should be the CN of the certificate mapped under the security settings. There are cases in which customer are changing the setting & pointing it to default certs which causing issues with cloud guest Authentication.

2. RADSEC cert should not be changed & should be mapped as default. We have seen issues where the RADSEC certificate is changed to different one which causes the RADSEC connection to fail. So, IAP’s won’t be able to communicate with cloud guest servers.

3. There is a Common Name override present in splash page profile.

Please ensure that is not changed to a different CN. It should be same as CN of certificate mapped to Captive portal profile under Security settings.

In this case I am using aruba_default certificate, so the override is pointing to “securelogin.hpe.com”.

Version history
Revision #:
2 of 2
Last update:
‎03-15-2019 01:27 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: