Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Create SSID EAP-SIM

This thread has been viewed 4 times

  • 1.  Create SSID EAP-SIM

    Posted Aug 08, 2015 05:14 PM
    I need to configure an existing SSID on an HP environment in a Aruba controller but I'm having trouble. Could someone help me with those settings?
    The following configurations of the SSID on my HP environment:
     
    dot1x authentication-method eap
    #
    radius scheme SIM
     server-type extended
     primary authentication X.X.X.X
     primary accounting X.X.X.X
     key authentication cipher xxxxxxxx
     key accounting cipher xxxxxxxxxx
     user-name-format without-domain
     nas-ip X.X.X.X
    #
    domain SIM
     accounting login radius-scheme SIM
     authentication lan-access radius-scheme SIM
     authorization lan-access radius-scheme SIM
     access-limit disable
     state active
     idle-cut disable
     self-service-url disable
    #
    interface WLAN-ESS100
     description TIM
     port access vlan 100
     port-security port-mode userlogin-secure-ext
     port-security tx-key-type 11key
     undo dot1x handshake
     dot1x mandatory-domain SIM
     undo dot1x multicast-trigger

    #
    wlan service-template 1 crypto
     ssid WIFI-SIM
     bind WLAN-ESS 100
     cipher-suite ccmp
     security-ie rsn
     undo gtk-rekey enable
     gtk-rekey method time-based 180
     remote-ap keep-client-online
     service-template enable

    This SSID is responsible for connections of users with mobile chip.


  • 2.  RE: Create SSID EAP-SIM

    EMPLOYEE
    Posted Aug 08, 2015 05:16 PM
    Where are those settings from?



    The controller is EAP agnostic. Your RADIUS server would be configured for
    EAP-SIM.


  • 3.  RE: Create SSID EAP-SIM

    Posted Aug 08, 2015 05:24 PM

    Hello Cappalli, thanks for answering.

    To better explain the Radius server is in an environment that we have no access. What happens with the HP controllers is that when the User connects to the cell phone SSID, a window and at that time the User selects the device chip.

    In Aruba controller I can not make the User choose the type of authentication



  • 4.  RE: Create SSID EAP-SIM

    EMPLOYEE
    Posted Aug 08, 2015 05:25 PM

    Please post your Aruba config.



  • 5.  RE: Create SSID EAP-SIM

    Posted Aug 08, 2015 06:19 PM

    following configurations images. I'm sorry if missed something, I'm not abtuado the configurations of Aruba.

    Follows also picture when the User connects to the SSID that is configured in the HP controller.



  • 6.  RE: Create SSID EAP-SIM
    Best Answer

    Posted Aug 09, 2015 06:25 AM

    When using termination on the controller as you are, EAP-SIM is not supported.  You would need to remove the termination setting and let termination of the EAP session be done on a RADIUS server that supports EAP-SIM.

     

    Refer to the following for details:

    http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm?_ga=1.60155757.1508645953.1422289203#ArubaFrameStyles/802.1x/Overview_of_802_1x_Authe.htm?