Controllerless Networks

Reply
Occasional Contributor II

Re: Radius Authentication with IAP-135

cjoseph,

 

I am confused with the IP assignment.

 

1. When I I created a RADIUS client in NPS(Windows Server). The IP address of this RADIUS client should come where?

 

2. When I clicked on the 'Security' tab (in Instant UI) - Authentication Server, I created a RADIUS Server. Does this IP address should come from the IP address of my RADIUS Server (WIndows Server 2012)

 

3. I opened DHCP Manager, I clicked on Scope (refer to attached screenshoot). I saw 2 address pools. What does the range of this IP addresses imply? Please advise.

Occasional Contributor II

Re: Radius Authentication with IAP-135

cjoseph,

 

I looked at the attached link and followed the instructions, I can't seem to authenticate RADIUS Server to "talk" with IAP-135

Trusted Contributor I

Re: Radius Authentication with IAP-135

1. When I I created a RADIUS client in NPS(Windows Server). The IP address of this RADIUS client should come where?

 

that should be the IP address of you virtual master IAP, if you have just one, that IP

 

2. When I clicked on the 'Security' tab (in Instant UI) - Authentication Server, I created a RADIUS Server. Does this IP address should come from the IP address of my RADIUS Server (WIndows Server 2012)

 

yes that should be the IP of your radius server

 

3. I opened DHCP Manager, I clicked on Scope (refer to attached screenshoot). I saw 2 address pools. What does the range of this IP addresses imply? Please advise.

 

that is a bit out of scope for us, it is your network, you should know what is going on or ask someone who can tell you.

 

basically it shows two dhcps scopes, one in the 10. range and one in the 192.168. range.


it might be better to start a little simpler, create an open network or one with a WPA2 key and get that working. ones it works you can look at dot1x.

Occasional Contributor II

Re: Radius Authentication with IAP-135

boneyard,

 

I managed to create an open network in the Instant UI.

 

I would like to focus on doing 802.1x authentication.

Trusted Contributor I

Re: Radius Authentication with IAP-135

creating is one thing, but were you able to connect with a client and get network access?

 

as for dot1x, what exactly is holding you back now, you asked two questions about which IPs to use, those answers you have now. what isnt working, have you tried to connect? what happens?

 

NPS is a radius server, but the reporting isnt that good. have you checked the event viewer for radius related messages?

Occasional Contributor II

Re: Radius Authentication with IAP-135

Hi boneyard,

 

With the issue on IP address assignment, I can't perform L2 authentication with Aruba Instant. That's holding me back.

I followed the steps configuration.

Trusted Contributor I

Re: Radius Authentication with IAP-135

what issue of IP assignment? doesn't your IAP get an IP? sorry but you lost me. if you feel up to it please try to clearly describe what your current issue is.

Highlighted
Occasional Contributor II

Re: Radius Authentication with IAP-135

Hi bomeyard,

Let's go the basics:

 

I want to perform 802.1x authentication, therefore,

my supplicant: my working laptop

my authenticator: my IAP-135 device

my authentication server should be my windows server 2012 (correct me if I am wrong).

 

Currently, I managed to create a Test SSID - (VC assigned IP, open, unrestricted.)
Instant SSID has been erased.

 

I created a server - Test.wlan.net (domain), with my IP address: 10.10.10.201 (I assume this is my RADIUS Server.)

 

In Open UI, under System Settings, I added an authentication server which the ip address should be my RADIUS Server.


My VC IP for Open SSID shows: 0.0.0.0

Master: 169.252.254.98 - This master IP is?

 

By right, when I click on Open SSID, I should be ask for my credential (PSK) to authenticate?  Am I right?

 

 

Trusted Contributor I

Re: Radius Authentication with IAP-135

i would assume the IP is a bit different and an auto assigned apipa ip which means your dhcp doesnt function, can you check that when you connect a laptop in that network where the IAP is now it gets a good DHCP address?

 

how many IAPs are in the network? just one, nothing else around?

 

also an open network doesnt have a PSK, it is just open. a WPA(2) network would ask for a key.

 

you can configure the VC address your self if you want to.

Occasional Contributor II

Re: Radius Authentication with IAP-135

Hi boneyard,

 

I only have one AP - IAP-135

 

The Test SSID which was created, the Security Level is Open, Role: Unrestricted.

 

I have attached a screenshot of Test SSID details.

No good DHCP address found.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: