Setup for RadSec Clients with RadSec capability

Summary

This document provides scripts to complete the installation of RADIUS NAC connect Aruba Wireless Controller.

Note: We use hostname nac-b.opswat.com or nac-eu.opswat.com (for EU regions) for our cloud resources.

Prepare Certificates

From your account, download the RadSec Client certificate.

Upon extraction, a sample Certificate folder should looks like:

Aruba Configuration

Import certificates:

Import the root certificate of the CA that has issued your RADIUS NAC with the type CA certificate

Import your Aruba Client certificate with the type Server certificate

Setup Radius and Role

Bash
    
 
conf taaa rfc-3576-server <NAC-IP>key radsecenable-radsec!aaa authentication-server radius "NAC_RBE"host <NAC-IP>enable-radsecradsec-trusted-cacert-name "RadiusCA"radsec-client-cert "RadSec"!aaa authentication-server radius "NAC_Acct"host <NAC-IP>enable-radsecradsec-trusted-cacert-name "RadiusCA"radsec-client-cert "RadSec"!aaa authentication dot1x "NAC-dot1x_prof"end!write memory
Copy

Create OpenWireless Example

Bash
    
 
conf taaa server-group "NAC_RBE_svrgrp"auth-server "NAC_RBE" position 1!aaa server-group "NAC_Acct_svrgrp"auth-server "NAC_Acct" position 1!aaa authentication mac "SC_Open_RBE_Mac_Auth"delimiter nonecase upper!aaa profile "NAC-Open_SSID"authentication-mac "SC_Open_RBE_Mac_Auth"mac-server-group "NAC_RBE_svrgrp"radius-accounting "NAC_Acct_svrgrp"radius-interim-accountingrfc-3576-server <NAC-IP>!wlan ht-ssid-profile "NAC-Open-htssid_prof"!wlan ssid-profile "NAC-Open-ssid_prof"essid "NAC-Open"ht-ssid-profile "NAC-Open-htssid_prof"!wlan virtual-ap "NAC-Open-vap_prof"aaa-profile "NAC-Open_SSID"ssid-profile "NAC-Open-ssid_prof"vlan <VLAN-ID>!ap-group "NAC"virtual-ap "NAC-Open-vap_prof"!end!write memory
Copy

Last updated on

Was this page helpful?