Wireless Access

last person joined: 10 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

EAP-TLS on IAP using Internal Server?

This thread has been viewed 10 times

  • 1.  EAP-TLS on IAP using Internal Server?

    Posted Aug 05, 2018 12:11 AM

    Is it possible to use EAP-TLS in Instants with the internal authentication server (not an external RADIUS server)?

     

    I have been trying to get it to work for a while, won't authenticate. Works just fine with PEAP, but not TLS. Any feedback will be most appreciated.



  • 2.  RE: EAP-TLS on IAP using Internal Server?

    MVP EXPERT
    Posted Aug 05, 2018 07:59 AM

    -removed by user-



  • 3.  RE: EAP-TLS on IAP using Internal Server?

    MVP EXPERT
    Posted Aug 05, 2018 07:59 AM
    No... for eap-tls certificate authentiction you always need a radius server like ClearPass, NPS or other radius server.


  • 4.  RE: EAP-TLS on IAP using Internal Server?

    Posted 29 days ago

    Respecfully , this is incorrect as described below and on EAP-TLS with just an Aruba Instant AP? (youtube.com)


    Original Message


  • 5.  RE: EAP-TLS on IAP using Internal Server?

    EMPLOYEE
    Posted Aug 06, 2018 03:46 AM

    Following the Aruba Instant User Guide (6.5.4.0) this should be supported:

     

    EAP-TLS—The EAP-TLS method supports the termination of EAP-TLS security using the internal RADIUS server. The EAP-TLS requires both server and CA certificates installed on the Instant AP. The client certificate is verified on the virtual controller (the client certificate must be signed by a known CA) before the username is verified on the authentication server.

     

     

    If you can't make it work with the guidance in the User Guide, you can work with Aruba TAC. An external RADIUS server is recommended though.