Aruba Central setup for RadSec
Setting up Aruba equipment to work with Foxpass RadSec
Foxpass RadSec allows a RADIUS connection via TLS for an additional layer of security. This setup guide will help you configure Aruba equipment with Foxpass RadSec.
Configure Aruba
- Download the Foxpass RadSec Server CA from the Foxpass RadSec page.
- Download the RadSec Client Certificate and Key from the same page.
- Combine the contents of the certificate and key into a new file with a .pem extension, with a newline between them. The resulting file should look something like this:
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
- In Aruba Central navigate to Global | Organization | Network Structure | Certificates
- Under Device Certificates > Certificate Store click the plus. Name the certificate and ensure that the type is set to CA Certificate and the format is set to PEM. Upload the CA .crt file downloaded in Step 1.
- Click the plus once more. Name the certificate and ensure that the type is set to Server Certificate and the format is set to PEM. Upload the Cert+Key file created in Step 3.
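The Cert+Key file from Step 3 can also be assembled with a short script instead of by hand. The Python below is an added example, not Foxpass or Aruba code: it normalizes line endings, checks that each download contains exactly one well-formed PEM block of the expected type, places the key before the certificate as in the sample above, and writes the result readable by its owner only. The output filename is hypothetical, and the private key is assumed to be unencrypted.

```python
import base64
import os
import re

# Matches one PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.*?)\n-----END \1-----", re.DOTALL)


def parse_blocks(text):
    """Return [(label, normalized_block)] for every well-formed PEM block."""
    text = text.replace("\r\n", "\n").replace("\r", "\n")  # downloads may carry CRLF
    blocks = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        # Assumption: unencrypted key, so the body is pure base64 (no Proc-Type headers).
        # validate=True raises ValueError on characters outside the base64 alphabet.
        base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, match.group(0)))
    return blocks


def combine_key_and_cert(key_text, cert_text):
    """Build the key-then-certificate PEM bundle described in Step 3."""
    keys = [b for label, b in parse_blocks(key_text) if label.endswith("PRIVATE KEY")]
    certs = [b for label, b in parse_blocks(cert_text) if label == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("expected exactly one private key block, found %d" % len(keys))
    if len(certs) != 1:
        raise ValueError("expected exactly one certificate block, found %d" % len(certs))
    return keys[0] + "\n" + certs[0] + "\n"


def write_bundle(path, bundle):
    """Write the bundle readable by the owner only; it contains the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", newline="\n") as handle:
        handle.write(bundle)


if __name__ == "__main__":
    # Constructed placeholder material, not a real key or certificate.
    body = base64.b64encode(b"constructed sample bytes").decode()
    key = "-----BEGIN RSA PRIVATE KEY-----\r\n%s\r\n-----END RSA PRIVATE KEY-----" % body
    cert = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % body
    # Hypothetical output filename.
    write_bundle("foxpass-radsec-client.pem", combine_key_and_cert(key, cert))
```

Passing the two downloads in the wrong order, or a file that holds an HTML error page instead of PEM data, raises ValueError before anything is written.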
Configure SSID for RadSec
- In Aruba Central navigate to <any access point/controller> | Devices | WLANs. Click Add SSID. Name the SSID and click Next.
- Leave the Traffic forwarding mode and Client VLAN Assignment on Bridge and Static respectively. Add whichever VLAN you would like the network to pull IP addresses from, most likely 1, and click Next.
- Set the Security Level to Enterprise and click the + next to Primary Server. Name the new server, set the Server Type to RADIUS, enable Radsec, ensure the Radsec Port is 2083, the Radsec Keepalive Type is TCP Keepalive, and the IP Address/FQDN is radius.foxpass.com, then click OK.
- Make sure that the Security Level is Enterprise, the Key Management is WPA2-Enterprise, the Server Group is Primary and backup only and the Primary server is the authentication server you just created in Step 3, and click Next.
- Configure the Roles and Rules as you see fit and click Next to reach the Summary confirmation page. Then click Finish to create the SSID.
- Click Show Advanced to reveal the rest of the tabs in the Device menu. Navigate to the Security tab. Expand Certificate Usage and then expand the subcategory also named Certificate Usage. Set the Certificate Authority and RadSec CA fields to the certificate authority entry you created in Step 5 of the previous section. Set the Authentication Server and RadSec Client Certs to the server certificate entry you created in Step 6 of the previous section. Click Save Settings to publish your changes.
- Now connect to your SSID.
- You can see successful/unsuccessful logs on the radius logs page.
Updated 4 months ago