MVP Expert

Up to date document on configuring VIA

Is there an up to date document on how to configure VIA? I'm runing ArubaOS and following the

Virtual Intranet Access (VIA) Tech note. Problem is that its a bit old and some thing don't line up. Got to the state where I'm supposed to
define where a VIA connection goes for authentication.  The doc says configure a Via Authentication profile
aaa authentication via auth-profile "via-auth"
Cant see where to create it. from the command line, aaa authentication doesn't have a "via" option. In the GUI under "Advanced/All Profiles/ there isn't a VIA Authenticaiton OProfile sub heading.
..... in fact theres none of the VIA set of profiles visible
Guru Elite

Re: Up to date document on configuring VIA

Do you have PEFV licenses?

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
MVP Expert

Re: Up to date document on configuring VIA

Doen't look like it, are these something I can get hold of as eval licenses ?


Failing that, if I just want to do l2tp/ipsec  using built in features of windows and osx, do I need these licenses anyway?




MVP Expert

Re: Up to date document on configuring VIA


obtained eval license and installed it.

configured clearpass to authenticate user.


Question 1 :- do you normally set up 2 auth services for VIA, one for the web auth component and one for the VIA client? Was trying to uniquely identify a mobility controller doing  VIA authentications.


Ended up with

Web auth= NAS-IP-Address, NAS-Port-Type and Service-Type

VIA Auth = NAS-ID,nas-ip-address,nas-port and nas-port-type


Which does work.


Could just specify nas-port-type=5 but doesn't seem like enough.


Question 2 :-


On my os x system, I downloaded the installer and after it downloaded the VIA config and I logged off and back in again, everything worked and I ended up with a valid IP address assigned.


On my iOS system, having downloaded the App and entered my credentials, when I try connecting, I get


"Certificate Error, please check your certificate. it may be incorrect or expired"


Now the iOS app seems to be using an auth-profile called via whereas the downloaded client is using the one I defined, i.e. via-auth

Had a peek on the controller and can't see an auth profile called via ... or do I have to create one?





Search Airheads
Showing results for 
Search instead for 
Did you mean: