Wireless Access

last person joined: 23 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

AAA FastConnect problem (802.1x with NPS, termination on the controller)

This thread has been viewed 2 times

  • 1.  AAA FastConnect problem (802.1x with NPS, termination on the controller)

    Posted Sep 04, 2017 06:23 AM
      |   view attached

    Hi,

     

    I have a configured lab test environment, which contains an Aruba 7x00 Controller, a couple of APs, and a Windows based RADIUS (NPS) server.

     

    Everything works fine, users can authenticate, till I enabled the termination on the controller. Do I need to install any certificate on it to make it works? (tried install the server cert used for connect on the clients, but got error message: Error Uploading Certificate: Cert missing private key and failed to find a key generated from a CSR request in the system to match it)

     

    NPS configuration:

    NPS Networks PoliciesNPS Networks PoliciesNPS Connection Request PoliciesNPS Connection Request Policies

    User access before Termination enabled (works):

    nps4.JPG

    Denyed access after Termination enabled:

    nps3.JPG

     

    As I see users try to connect by EAP-PEAP and MSChapv2, and that was enabled in the network policy, but correct me!

     

    (Controller configuraton attached.)

    Attachment(s)

    txt
    mb_config.txt   26 KB 1 version


  • 2.  RE: AAA FastConnect problem (802.1x with NPS, termination on the controller)

    MVP EXPERT
    Posted Sep 04, 2017 06:29 AM

    Hey, you will need to upload the certificate to the controller. Have you taken a look at the below yet? Do you have a CSR and a certificate generated or a certificate already with the private key combined in it?

     

    http://community.arubanetworks.com/t5/Controller-Based-WLANs/How-does-dot1x-termination-work/ta-p/178566

     

     



  • 3.  RE: AAA FastConnect problem (802.1x with NPS, termination on the controller)
    Best Answer

    EMPLOYEE
    Posted Sep 04, 2017 07:43 AM
    @SkiP wrote:

    Hi,

     

    I have a configured lab test environment, which contains an Aruba 7x00 Controller, a couple of APs, and a Windows based RADIUS (NPS) server.

     

    Everything works fine, users can authenticate, till I enabled the termination on the controller. Do I need to install any certificate on it to make it works? (tried install the server cert used for connect on the clients, but got error message: Error Uploading Certificate: Cert missing private key and failed to find a key generated from a CSR request in the system to match it)

     

    NPS configuration:

    NPS Networks PoliciesNPS Networks PoliciesNPS Connection Request PoliciesNPS Connection Request Policies

    User access before Termination enabled (works):

    nps4.JPG

    Denyed access after Termination enabled:

    nps3.JPG

     

    As I see users try to connect by EAP-PEAP and MSChapv2, and that was enabled in the network policy, but correct me!

     

    (Controller configuraton attached.)

    If you have authentication working with your radius server, turning on Termination (AAA Fastconnect) does not add anything.  Termination is a workaround for users who cannot get a certificate on their radius server or are forced to authenticate to LDAP.  Authenticating to a radius server with Termination enabled would require you to upload a server certificate to your controller which is more work, for the same authentication you already have working...