Wireless Access

Reply
Guru Elite

Re: Question about the 802.1x certificate

Despite what the instructions I posted said, all you need to do is:

 

1.  Configure the Radius Server entry on the Aruba Controller

2.  Run the LAN WLAN Wizard and create a WPA2-AES SSID that points to that Radius server

3.  On the Radius server, of course create a client entry for the Aruba Controller

4.  On the Radius server, create a remote access policy that has "Smartcard", instead of PEAP allowing users/devices

5.  Browse to the certificate server with the client using the http://x.x.x.x/CertSrv and request a client cert.  Install it on that client

6.  Create a WLAN entry on the client that is WPA2-AES with "SmartCard or Certificate" and allow simple cert selection

7.  Connect it to the Broadcasted SSID and you should be done.

 

All the termination stuff and signing is not necessary.  It is for EAP-TLS termination which is an advanced topic.

AAA test server will not work unless in a remote access policy you are allowing peap, EAP-PEAP which is username and password authentication.  There is no such test for certificate-based authentication.

 

In a true domain, Step 5 can be eliminated by configuring an autoenrollment group policy so that all clients automatically get certs when they contact the domain.

 

I hope this even helps.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Question about the 802.1x certificate


 It is for EAP-TLS termination which is an advanced topic.

 



This is what i need..

Guru Elite

Re: Question about the 802.1x certificate

Yes, but you should get straightforward TLS working before you can add TLS Termination.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Occasional Contributor II

Re: Question about the 802.1x certificate

I got everything working.. I forgot to go back and change the NPS to cert based instead of PEAP.. Thanks for the help..

Guru Elite

Re: Question about the 802.1x certificate

Glad to hear it!


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: