Aruba Wireless 802.1x losing username.
So we have a bunch of Aruba 215 access points running with a virtual controller.
I have set up a radius server and from the CLI i can successfully authenticate
aaa test-server ISE-01 username aaron.street@park-now.com password <password> auth-type pap
Radius server ISE-01 test successfully
on the Radius "ISE" server i see
However when i assign these radius server to a SSID and try to authenticate a client it gets
where did the USername go? This same set up on ISE works fine with the Meraki wireless but Aruba is having issues.
HAs any one else has issues trying to run PEAP and EAP-TLS on Aruba wireless over 802.1x
I have set up a radius server and from the CLI i can successfully authenticate
aaa test-server ISE-01 username aaron.street@park-now.com password <password> auth-type pap
Radius server ISE-01 test successfully
on the Radius "ISE" server i see
Event 5200 Authentication succeeded
Username aaron.street@park-now.com
Endpoint Id A8:BD:27:CF:3B:8E
Endpoint Profile HP-Device
Authentication Policy Default >> Default
Authorization Policy Default >> Basic_Authenticated_Access
However when i assign these radius server to a SSID and try to authenticate a client it gets
Event 5400 Authentication failed
Username USERNAME
Endpoint Id A4:50:46:1F:13:33
Endpoint Profile
Authentication Policy Wireless_POC >> Default
Authorization Policy Wireless_POC
where did the USername go? This same set up on ISE works fine with the Meraki wireless but Aruba is having issues.
HAs any one else has issues trying to run PEAP and EAP-TLS on Aruba wireless over 802.1x
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Please clarify your question, do you mean your issue is the realm not being included?
Does your Aruba setup go beyond authorizing based on MAC address of the device connecting? Does it promot your for credentials?
Check to confirm if the endpoint Id is the MAC address of the wireless connection on the device it tried to authorize on the Aruba.
Does your Aruba setup go beyond authorizing based on MAC address of the device connecting? Does it promot your for credentials?
Check to confirm if the endpoint Id is the MAC address of the wireless connection on the device it tried to authorize on the Aruba.
Issue was ISE / Aruba missmatch, ARuba does not send a "normalized Radius SSID" which is what the policy on ISE is using to match incoming requests. The police also authenticate other Wireless vendor network we have set up"
Because it was not matching a policy it was not getting authenticate and because not getting authenticate it is dropped before the EAP packet is encapsulated and it can pull out the User name.
Adding in to the policy an or statement so it says
IF ("Normalized Radius SSID = X" or "Aruba-ESSID Name = X") then match this policy, then the authentication is carried out correctly.
Because it was not matching a policy it was not getting authenticate and because not getting authenticate it is dropped before the EAP packet is encapsulated and it can pull out the User name.
Adding in to the policy an or statement so it says
IF ("Normalized Radius SSID = X" or "Aruba-ESSID Name = X") then match this policy, then the authentication is carried out correctly.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial