Setup for RadSec Clients with RadSec capability
Summary
This document provides scripts to complete the installation of RADIUS NAC with an Aruba Wireless Controller.
Note: We use the hostname nac-b.opswat.com for Cloud resources. If your device doesn't support hostnames, please resolve the IP address from that hostname.
Prepare Certificates
From your account, download the RadSec Client certificate.

Upon extraction, a sample Certificate folder should look like:

Aruba Configuration
Import certificates:
- Import the root certificate of the CA that has issued your RADIUS NAC with the type CA certificate

- Import your Aruba Client certificate with the type Server certificate

- Set up RADIUS over TLS and Role
    conf t
    aaa rfc-3576-server <NAC-IP>
    key radsec
    enable-radsec
    !
    aaa authentication-server radius "MetaAccess_NAC_RBE"
    host <NAC-IP>
    enable-radsec
    radsec-trusted-cacert-name "RadiusCA"
    radsec-client-cert "RadSec"
    !
    aaa authentication-server radius "MetaAccess_NAC_Acct"
    host <NAC-IP>
    enable-radsec
    radsec-trusted-cacert-name "RadiusCA"
    radsec-client-cert "RadSec"
    !
    aaa authentication dot1x "MetaAccess_NAC-dot1x_prof"
    end
    !
    write memory

- Create Open Wireless Example
    conf t
    aaa server-group "MetaAccess_NAC_RBE_svrgrp"
    auth-server "MetaAccess_NAC_RBE" position 1
    !
    aaa server-group "MetaAccess_NAC_Acct_svrgrp"
    auth-server "MetaAccess_NAC_Acct" position 1
    !
    aaa authentication mac "SC_Open_RBE_Mac_Auth"
    delimiter none
    case upper
    !
    aaa profile "MetaAccess_NAC-Open_SSID"
    authentication-mac "SC_Open_RBE_Mac_Auth"
    mac-server-group "MetaAccess_NAC_RBE_svrgrp"
    radius-accounting "MetaAccess_NAC_Acct_svrgrp"
    radius-interim-accounting
    rfc-3576-server <NAC-IP>
    !
    wlan ht-ssid-profile "MetaAccess_NAC-Open-htssid_prof"
    !
    wlan ssid-profile "MetaAccess_NAC-Open-ssid_prof"
    essid "MetaAccess_NAC-Open"
    ht-ssid-profile "MetaAccess_NAC-Open-htssid_prof"
    !
    wlan virtual-ap "MetaAccess_NAC-Open-vap_prof"
    aaa-profile "MetaAccess_NAC-Open_SSID"
    ssid-profile "MetaAccess_NAC-Open-ssid_prof"
    vlan <VLAN-ID>
    !
    ap-group "MetaAccess_NAC"
    virtual-ap "MetaAccess_NAC-Open-vap_prof"
    !
    end
    !
    write memory
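
A pre-flight consistency check for the two scripts above, written as an added example (not part of the original page, and not OPSWAT or Aruba tooling): before pasting, it confirms that every RADIUS server stanza carries the three RadSec lines and that every auth-server reference names a server that is actually defined. The function names, the finding strings and the sample address 192.0.2.10 are assumptions for illustration; the parser assumes stanzas are separated by "!" as in the scripts on this page.

```python
import re

# Sub-commands this page sets under every RADIUS server stanza.
REQUIRED = ("enable-radsec", "radsec-trusted-cacert-name", "radsec-client-cert")

# Constructed sample: 192.0.2.10 stands in for <NAC-IP>; the Acct server lacks enable-radsec.
SAMPLE = """\
aaa authentication-server radius "MetaAccess_NAC_RBE"
host 192.0.2.10
enable-radsec
radsec-trusted-cacert-name "RadiusCA"
radsec-client-cert "RadSec"
!
aaa authentication-server radius "MetaAccess_NAC_Acct"
host 192.0.2.10
radsec-trusted-cacert-name "RadiusCA"
radsec-client-cert "RadSec"
!
aaa server-group "MetaAccess_NAC_Acct_svrgrp"
auth-server "MetaAccess_NAC_Acct" position 1
!
"""

def parse_stanzas(config):
    """Group commands into (header, body) pairs; a "!" line ends the current stanza."""
    stanzas, current = [], None
    for line in map(str.strip, config.splitlines()):
        if line in ("", "!", "conf t", "end", "write memory"):
            current = None if line == "!" else current
        elif current is None:
            current = (line, [])
            stanzas.append(current)
        else:
            current[1].append(line)
    return stanzas

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    findings, servers, refs = [], set(), []
    for header, body in parse_stanzas(config):
        m = re.match(r'aaa authentication-server radius "([^"]+)"', header)
        if m:
            servers.add(m.group(1))
            present = {cmd.split()[0] for cmd in body}
            findings += [f"{m.group(1)}: missing {k}" for k in REQUIRED if k not in present]
        elif header.startswith("aaa server-group "):
            refs += re.findall(r'auth-server "([^"]+)"', "\n".join(body))
    findings += [f"server-group references undefined server {n}" for n in refs if n not in servers]
    return findings
```

Run audit() on the two scripts concatenated, since the servers are defined in the first script and referenced by the server groups in the second.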