Secure Access Solution
Summary
This document provides scripts to complete the installation of Cloud NAC with RadSec capability for Aruba
Prepare Certificate
Log into the OPSWAT Central Management console as an administrator
Navigate to RADIUS NAC
Click on OPSWAT Cloud RADIUS
Click on RadSec Clients tab
Click Add RadSec Client button
- Provide a name for the RadSec Client
- Uncheck Automatically detect the RadSec Client vendor
- Select vendor Aruba
- Input the Passphrase
- Click on Add
Upon successfully creation, a message popup should appears reminding user to download the associate certificate.
Download RadSec Clients Certificate
To download the certificate:
- Click on the three dots icon
- Select Download Certificate
A sample Certificate folder should looks like:
Import RadSec Clients Certificate to the NAS
Aruba Configuration
Import certificates:
- Import the root certificate of the CA that has issued your RADIUS NAC with the type CA certificate
- Import your Aruba Client certificate with the type Server certificate
- Setup Radius over TLS and Role
conf taaa rfc-3576-server <NAC-IP>key radsecenable-radsec!aaa authentication-server radius "MetaAccess_NAC_RBE"host <NAC-IP>enable-radsecradsec-trusted-cacert-name "RadiusCA"radsec-client-cert "RadSec"!aaa authentication-server radius "MetaAccess_NAC_Acct"host <NAC-IP>enable-radsecradsec-trusted-cacert-name "RadiusCA"radsec-client-cert "RadSec"!aaa authentication dot1x "MetaAccess_NAC-dot1x_prof"end!write memory- Create OpenWireless Example
conf taaa server-group "MetaAccess_NAC_RBE_svrgrp"auth-server "MetaAccess_NAC_RBE" position 1!aaa server-group "MetaAccess_NAC_Acct_svrgrp"auth-server "MetaAccess_NAC_Acct" position 1!aaa authentication mac "SC_Open_RBE_Mac_Auth"delimiter nonecase upper!aaa profile "MetaAccess_NAC-Open_SSID"authentication-mac "SC_Open_RBE_Mac_Auth"mac-server-group "MetaAccess_NAC_RBE_svrgrp"radius-accounting "MetaAccess_NAC_Acct_svrgrp"radius-interim-accountingrfc-3576-server <NAC-IP>!wlan ht-ssid-profile "MetaAccess_NAC-Open-htssid_prof"!wlan ssid-profile "MetaAccess_NAC-Open-ssid_prof"essid "MetaAccess_NAC-Open"ht-ssid-profile "MetaAccess_NAC-Open-htssid_prof"!wlan virtual-ap "MetaAccess_NAC-Open-vap_prof"aaa-profile "MetaAccess_NAC-Open_SSID"ssid-profile "MetaAccess_NAC-Open-ssid_prof"vlan <VLAN-ID>!ap-group "MetaAccess_NAC"virtual-ap "MetaAccess_NAC-Open-vap_prof"!end!write memoryWas this page helpful?
