Wired Intelligent Edge (Campus Switching and Routing)

Reply
Frequent Contributor II

AP 802.1x via certificate on switch

Dear,

 

our customer wants to have all his switches doing 802.1x on all of their ports.

For APs they first want to do mac-authentication to come in a VLAN where we can provision the APs, they also want to send a certificate to the AP to do the authentication on the switch afterwards. (and removing the mac-authentication for this AP after this)

Is this even possible?

I saw you can configure 802.1x Parameters using PEAP, but is it also possible to do 802.1x with a certificate on the APs?

 

Kind regards,

Thomas
ACMX#370 ACCX#1000 ACDX#1071 AMFX#74

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.

Accepted Solutions
Highlighted
Moderator

Re: AP 802.1x via certificate on switch

EAP-PEAP (username/password) is the only supported method for the 802.1X supplicant on an access point.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Guru Elite

Re: AP 802.1x via certificate on switch


@Thomasds wrote:

Dear, our customer wants to have all his switches doing 802.1x on all of their ports. For APs they first want to do mac-authentication to come in a VLAN where we can provision the APs, they also want to send a certificate to the AP to do the authentication on the switch afterwards. (and removing the mac-authentication for this AP after this) Is this even possible? I saw you can configure 802.1x Parameters using PEAP, but is it also possible to do 802.1x with a certificate on the APs? Kind regards,


That all depends on your switch.  If an AP is new, it will not do 802.1x.  Your switch can mac authenticate them and put them into the VLAN needed to provision 802.1x credentials.  When you provision 802.1x credentials, it should pass 802.1x on the switchport on the next reboot and then end up in the correct VLAN.  Access points do not use certificate-based authentication on their ports.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN

View solution in original post


All Replies
Highlighted
Moderator

Re: AP 802.1x via certificate on switch

EAP-PEAP (username/password) is the only supported method for the 802.1X supplicant on an access point.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Guru Elite

Re: AP 802.1x via certificate on switch


@Thomasds wrote:

Dear, our customer wants to have all his switches doing 802.1x on all of their ports. For APs they first want to do mac-authentication to come in a VLAN where we can provision the APs, they also want to send a certificate to the AP to do the authentication on the switch afterwards. (and removing the mac-authentication for this AP after this) Is this even possible? I saw you can configure 802.1x Parameters using PEAP, but is it also possible to do 802.1x with a certificate on the APs? Kind regards,


That all depends on your switch.  If an AP is new, it will not do 802.1x.  Your switch can mac authenticate them and put them into the VLAN needed to provision 802.1x credentials.  When you provision 802.1x credentials, it should pass 802.1x on the switchport on the next reboot and then end up in the correct VLAN.  Access points do not use certificate-based authentication on their ports.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
ArubaOS Consolidated Release Notes
Aruba VIA ASE Solution - Configure VIA VPN

View solution in original post

Highlighted
Frequent Contributor II

Re: AP 802.1x via certificate on switch

Thanks both for the reply

 

That was all I needed to know

 

Kind regards,

 

Thomas
ACMX#370 ACCX#1000 ACDX#1071 AMFX#74

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: