Wireless Access

Occasional Contributor II

VIA and MacOS ( what am I missing?)

Running VIA on a 3600 with version

Windows VIA clients (32 and 64 bit) both connect fine, as does the new iPad client, but I'm missing something, as Mac version isn't working.


Controller log shows Auth failure, but the LDAP server isn't even getting the request ( as per the LDAP server logs)


Dec 13 15:29:46  l2tp[541]: <105003> <ERRS> |l2tp|  PPP/VPN Authentication failed fairlie PAP.  
Please check authentication server radius/ldap/tacacs logs.


I have it set to fail to the internal DB and that does work.. so what am I missing?


( I saw in the other thread that there was a difference bt. Mac and Windows configs on the controller, but didn't want to jack that thread)



Guru Elite

Re: VIA and MacOS ( what am I missing?)

The configs on your firewall is different because the mac requires more ports inbound to your network:


You need:


UDP— 500, 1701, and 4500

TCP—1723, 443
IP protocol— 50 

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Occasional Contributor II

Re: VIA and MacOS ( what am I missing?)

Thanks for the quick reply.


Are you referring to firewall rules on the controller itself, or our WAN firewall ( because currently I have wide open access to the controller from outside on the WAN firewall ( not blocking anything)

Aruba Employee

Re: VIA and MacOS ( what am I missing?)


The VIA client on Mac OS authenticates against the server configured under the 'VPN authentication profile', which is different from the Windows/iOS clients that authenticate against the server under 'VIA authentication profile'.

Therefore you would have to provision your LDAP server under VPN Authentication Profile->default->Server Group.

Hope this helps.



Occasional Contributor II

Re: VIA and MacOS ( what am I missing?)

Yep, adding the LDAP servers in the VPN auth profile did the job.


Thanks guys!

Contributor I

Re: VIA and MacOS ( what am I missing?)

i have the vpn authentication profile configured to reflect the same server group as the VIA authentication profile and I am still having issues with MAC OS devices connecting. here is the error message on the controller: <l2tp 105003>  <ERRS> |l2tp|  PPP/VPN Authentication failed (user name) MSCHAPv2.

Search Airheads
Showing results for 
Search instead for 
Did you mean: