Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Up to date document on configuring VIA

This thread has been viewed 0 times

  • 1.  Up to date document on configuring VIA

    Posted Jan 28, 2016 09:58 AM

    Is there an up to date document on how to configure VIA? I'm runing ArubaOS 6.4.3.6 and following the


    Virtual Intranet Access (VIA) Tech note. Problem is that its a bit old and some thing don't line up. Got to the state where I'm supposed to
    define where a VIA connection goes for authentication.  The doc says configure a Via Authentication profile
    a
    aaa authentication via auth-profile "via-auth"
     
    Cant see where to create it. from the command line, aaa authentication doesn't have a "via" option. In the GUI under "Advanced/All Profiles/ there isn't a VIA Authenticaiton OProfile sub heading.
     
     
    ..... in fact theres none of the VIA set of profiles visible
    A
     
     


  • 2.  RE: Up to date document on configuring VIA

    EMPLOYEE
    Posted Jan 28, 2016 09:59 AM

    Do you have PEFV licenses?



  • 3.  RE: Up to date document on configuring VIA

    Posted Jan 28, 2016 11:02 AM

    Doen't look like it, are these something I can get hold of as eval licenses ?

     

    Failing that, if I just want to do l2tp/ipsec  using built in features of windows and osx, do I need these licenses anyway?

     

    Rgds

    A



  • 4.  RE: Up to date document on configuring VIA

    Posted Jan 29, 2016 09:38 AM

    o.k.

    obtained eval license and installed it.

    configured clearpass to authenticate user.

     

    Question 1 :- do you normally set up 2 auth services for VIA, one for the web auth component and one for the VIA client? Was trying to uniquely identify a mobility controller doing  VIA authentications.

     

    Ended up with

    Web auth= NAS-IP-Address, NAS-Port-Type and Service-Type

    VIA Auth = NAS-ID,nas-ip-address,nas-port and nas-port-type

     

    Which does work.

     

    Could just specify nas-port-type=5 but doesn't seem like enough.

     

    Question 2 :-

     

    On my os x system, I downloaded the installer and after it downloaded the VIA config and I logged off and back in again, everything worked and I ended up with a valid IP address assigned.

     

    On my iOS system, having downloaded the App and entered my credentials, when I try connecting, I get

     

    "Certificate Error, please check your certificate. it may be incorrect or expired"

     

    Now the iOS app seems to be using an auth-profile called via whereas the downloaded client is using the one I defined, i.e. via-auth

    Had a peek on the controller and can't see an auth profile called via ... or do I have to create one?

    Rgds

    Alex