Wireless Access

Reply
Highlighted

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Hey Chugr,

 

As you're doing 802.1x EAP-PEAP authentication and terminating it on the controller you'll want to have a root CA and server certificate on your controller to secure the authentication.

 

Windows devices when connecting (by default) will attempt to validate the authentication server (controller in this case) using the certificate the server provides. This is possibly why it's failing. You could try to turn off "Validate server certificate" in the wireless settings on your client as a test. But I wouldn't leave it like this.

 

If at all possible though I'd try to use an external RADIUS server. Do you have Active Directory or LDAP that you can authenticate against?

 

Cheers
James


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Hi James,

 

Thank you for your reply!

 

All the tests were performeed using a Linux laptop and Android mobile phones, so no Windows clients. My guess is that something is missing or not configured correctly.

 

We need to use the controller's internal database for now and authentication against AD is what we will eventually move to in the near future.

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

chugr,

 

Setting up RADIUS on AD is actually very easy.  Does your domain controller run on 03 or 08?  In 03 you will add IAS and use the RADIUS part from there, from 08 I forget exactly what it is called, but I think it is NAS (network access server??).   It might just be worth scrapping what you've done and starting from scratch and setting it up the way you want it to work in the end instead of migrating a little at a time.

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Hi aedwards,

 

Thank you for the information.

 

There is no AD at this point, it is something that we will implement in the near future. That is the reason we need to use the controller's internal database for the time being.

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Can you tell me what version of software you are running on the controller and can you give me a full description of what you are trying to accomplish?  I'll try to put together a quick how to.

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Hi aedwards,

 

We are running ArubaOS 6.1.3.4. Our goal is to have 2 WLANs: one for the employees (WPA EAP-PEAP, authentication against the controller's internal database) and one for the guests (captive portal, authentication against the controller's internal database). Until now, we have tried to configure the employee WLAN (please refer to the attached configuration on a previous message). It would be great if you could complie a small step-by-step guide on how to accomplice this!

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Try this.  Let me know if it works or not. 

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Hi,

 

Thank you very much for the guide.

 

I have a few questions:

 

1) Why do we select VLAN1 for the employee WLAN? In case we want a separate VLAN for the employees (as in our case), shouldn't we select it accordingly?

 

2) It seems that whatever I try to configure through the wizards, is not saved. Can I do something about it?

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

For the VLAN1 question, yes, you can select whatever you need.  I just did 1 assuming that you weren't using a seperate VLAN.

 

For the wizards not saving question, I'm not sure.  I have seen issues with different browsers not working quite right.  I'm on 6.2 now on mine and the dashboard will not show up in firefox but looks fine in IE.  Might want to try a new browser.  Also make sure you click Finish as long as it shows up.  Some of the wizards have to get clicked 2 or 3 times.  Last, try upgrading your software again.  It could be corrupt.  If all of that fails, you'll want to open a ticket with support.

Highlighted
Occasional Contributor II

Re: Step-by-step tutorial for deploying 1 wireless controller with different VLANs

Were you able to get it working?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: