Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Role Assignment for 802.1X Authentication

This thread has been viewed 1 times

  • 1.  Role Assignment for 802.1X Authentication

    Posted Mar 10, 2015 11:37 PM

    I created SSID "Kerry" to user for 802.1X authentication

    There'is not 802.1x Authentication Default Role filed to choose 

    1.PNG

     

    2.PNG

     

     

    3.PNG



  • 2.  RE: Role Assignment for 802.1X Authentication
    Best Answer

    EMPLOYEE
    Posted Mar 10, 2015 11:41 PM
    Do you have PEFNG licenses installed?


    Thanks,
    Tim


  • 3.  RE: Role Assignment for 802.1X Authentication

    Posted Mar 10, 2015 11:43 PM

    I forgot it !! 

     

     

    Thanks,



  • 4.  RE: Role Assignment for 802.1X Authentication

    Posted Mar 11, 2015 12:34 AM

    Hi, TIM

     

    If i want to return role From clearpass to Aruba controller

    What 's attribute that i should config on both clearpass and controller side ? Is it filter-ID on both side



  • 5.  RE: Role Assignment for 802.1X Authentication

    EMPLOYEE
    Posted Mar 11, 2015 12:38 AM
    Aruba:Aruba-User-Role


    Thanks,
    Tim


  • 6.  RE: Role Assignment for 802.1X Authentication

    Posted Mar 11, 2015 12:50 AM

    Hi Tim

     

    I have last 1 question.

     

    Is it possible that user authentication via controller and AD without RADIUS Server ?

    I try to test on my lab. There's pop-up on client side for inserting username and password but authentication is failed. For this problem I think, It's because on client support MS-CHAPV2 for authentication but on AD support only GTS

     

    What do you think about this case ? and do you have way out for this problem 



  • 7.  RE: Role Assignment for 802.1X Authentication

    EMPLOYEE
    Posted Mar 11, 2015 04:36 AM

    WPA2-AES Enterprise requires some sort of radius server.  If you don't want to user an external radius server, you can enable termination, MsChapV2, on your controller in the 802.1x profile and change the server group in your AAA profile to "Default" which should have the internal database.  You can then authenticate via 802.1x to users in the internal database on the controller...