Wireless Access

Reply
Highlighted
Contributor I

Aruba Wireless to Cisco ACS Leap

In a migration phase from Cisco to Aruba and also ACS to Clearpass, so i need to get 1 SSID connecting to our old Cisco Radius servers to authenicate until we can migrate to clearpass.

Issue is when we use LEAP to authicate the users as they are set to currenty we get the below, so i have allowed the 2 Aruba controllers as a source and can authicate using MS-Chap Peap etc just not Leap so it is like Radius is not getting something from Aruba with Leap anyone seen before?

EAP_LEAP Type not configured

Accepted Solutions
Highlighted
Contributor I

Re: Aruba Wireless to Cisco ACS Leap

Logs on the old ACS are limited and that is a gobal option on the acs server so i have changed the type to Cisco Aironet instead of IETF and going to try a test.

View solution in original post


All Replies
Highlighted
Guru Elite

Re: Aruba Wireless to Cisco ACS Leap

Which Opmode (Encryption type) are you using?

 

Typically you would enable "use-session-key" in the corresponding dot1x profile when using LEAP:  https://www.arubanetworks.com/techdocs/ArubaOS_85_Web_Help/Content/arubaos-solutions/1cli-commands/aaa-auth-dot1x.htm?Highlight=use-session-key


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Aruba Wireless to Cisco ACS Leap

WPA2-Enterprise  Leap username and Password

 

I have enabled that session key setting on the SSID AAA profile but it did not appear to make any difference.

Highlighted
Guru Elite

Re: Aruba Wireless to Cisco ACS Leap

Okay.  Have you already set the EAP type? https://community.cisco.com/t5/wireless-and-mobility/eap-peap-type-not-configured/td-p/1700849

 

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Aruba Wireless to Cisco ACS Leap

Yes that is already set on the ACS server and it allowed Leap from my Cisco wireless controllers fine

Highlighted
Guru Elite

Re: Aruba Wireless to Cisco ACS Leap

The WLC is typically agnostic to the eap type. The eap type is set between the radius server and the client....

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Aruba Wireless to Cisco ACS Leap

Yes and that is the bit that has me confused as to what the Aubra is doing differnent as it passes them on.

 

Options for the Radius types on the ACS are below i went with IETF but the fact other non Leap authenication is working means i dont think it is that.

Highlighted
Contributor I

Re: Aruba Wireless to Cisco ACS Leap

LEAP Allow LEAP - Use to enable LEAP authentication for users accessing the network from Cisco Aironet Access Point devices.

 

This option is ticked

Highlighted
Guru Elite

Re: Aruba Wireless to Cisco ACS Leap

Is it hitting that rule?

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Aruba Wireless to Cisco ACS Leap

Logs on the old ACS are limited and that is a gobal option on the acs server so i have changed the type to Cisco Aironet instead of IETF and going to try a test.

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: