Controllerless Networks

last person joined: yesterday 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Instant AP with 802.1X and MAC OS X

This thread has been viewed 0 times

  • 1.  Instant AP with 802.1X and MAC OS X

    Posted Oct 08, 2019 06:02 AM

    Hello Aruba community,

     

    I use some Aruba APs for my home wifi because they are really good. So, I am a greenhorn on the subject of wifi. The APs are attached to Cisco switches via a VLAN. The central component is a small CheckPoint firewall. The firewall act as a DHCP server and default GW. At the moment I only have some SSIDs for different iPhones and iPADs with WPA2-Enterprise everything works fine. New is now a MacBook Air, which should be in the basement. But the MacBook only has a WLAN interface. The connection works fine, BUT only when I'm logged in MAC OS X. I now want the notebook to connect to the WLAN BEFORE without login manually into the system. 802.1X is supposed to be required, see here:

    https:/ntsystems.itpostjoining-wifi-before-login-on-mac-os-x-108

     

    I can do the MAC part. But I have no idea how to set up the 802.1X on the APs. Above all, I don't want to build a PKI or run a Windows server. I could install a freeradius on a NAS (Synology). Therefore the following questions:

    1. Can I do 802.1X WITHOUT certificates with the Instant APs at all, only with password-based authentication?

    2. If yes, is there a good guide somewhere where this is explained for such a beginner llike me?

    3. If no, is there another easy way to solve my problem?

     

    Hopefully someone can help, I'm grateful for any hint!

    ciao

    ryder

     



  • 2.  RE: Instant AP with 802.1X and MAC OS X

    EMPLOYEE
    Posted Oct 10, 2019 04:10 AM

    It's not so practical to enroll EAP-TLS for your home network, as you will need to deploy certificates on the client and server (can be the Instant AP in theory). In fact, it is not simple to deploy 802.1X without any certificates, which at scale doesn't matter, but for a home network does not really makes sense if you just want to use it. For education or test, it is a good exercise to configure it. From the referred message:

    It might be though to get your head around this if EAP-TLS and SCEP are new, yet the same idea holds through for a Username/Password or even pre-shared key authentication protocol.

     

    That suggests that you can use WPA2-PSK as well with this configuration tool. What I read from it (interpretation of the message, not from experience) is that you can't anymore configure a system profile (which is used prior to login) from the UI, but you can still do so with the iPhone Configuration Utility. You should be able to configure a standard PSK network from there as well, which avoids the whole part of the certificates.

     



  • 3.  RE: Instant AP with 802.1X and MAC OS X

    Posted Oct 11, 2019 06:57 AM

    Hi Herman,

     

    thanks for your clarification. I was stil aware that rolling out a PKI for home setup is a little bit oversized. Yes, I know, I already you WPA2-PSK. But my problem is, that WPA2-PSK do not work with pre-login authentication for MAC OS X. Only when a user login into MAC OS X an automated WPA2-PSK authentication for the wifi connection is possible. 

    So is there another chance to get the automatic wifi authentication with WPA2-PSK BEFORE MAC OS X login?

     

    Thanks, in advanced.

    ciao

    ryder



  • 4.  RE: Instant AP with 802.1X and MAC OS X

    EMPLOYEE
    Posted Oct 11, 2019 07:03 AM

    From what I read (and quoted from the article), you can configure pre-login PSK as well as 802.1X. You still need the Configuration Utility to create the profile, but just select PSK.

     

    Note, response based on what I read in the article. I did not verify that information.