ExtremeWireless (WiNG)

Hi,

I've been fallowing the below guide for EAP-TLS. Would anyone got more documentation please? This is the first time im trasked with EAP-TLS and could fo with more info.

How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal

Force		remove preview
How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal First of all, make sure you have following done: proper PKI setup to issue certificates for clients & trustpoints your wireless client has proper personal | machine certificate installed with corresponding private key your APs have a valid trustpoint from the same SSL chain of trust If you do not know How to import digital certificate to WiNG controller, follow the relevant article. View this on Force >

Regards
Bart

Hi Bart,
That guide addresses the use case where the WiNG AP/Controller is used as a Radius server and implements EAP-TLS as the authentication method. Of course, that would require you to add certificates to the AP/controllers that are working as Radius server. Usually, you won't use your wireless infrastructure to perform authentication specially in case of EAP-TLS. Not saying its not possible, but its just not done widely. 

In your environment, do you have a Radius server or NAC perhaps that could be used to authenticate Domain computers/user using EAP-TLS? it would be more scalable and easier to maintain.       

Regards,
Ovais
Original Message:
Sent: 11-24-2021 06:05
From: Bart Bielewicz
Subject: Wing EAP-TLS help

Hi,

I've been fallowing the below guide for EAP-TLS. Would anyone got more documentation please? This is the first time im trasked with EAP-TLS and could fo with more info.

How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal

Force		remove preview
How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal First of all, make sure you have following done: proper PKI setup to issue certificates for clients & trustpoints your wireless client has proper personal | machine certificate installed with corresponding private key your APs have a valid trustpoint from the same SSL chain of trust If you do not know How to import digital certificate to WiNG controller, follow the relevant article. View this on Force >

Regards
Bart

Hi Ovais,

Thanks for responding...

Yes, we do have the radius server on the network.

We actually moved a couple of steps forward since my post. as I managed to get a bit better documentation from extreme.

The current issue is that the trustpoint file-sync command fails. Basically, the bundle has been loaded on to VX controller but the file has since failed.

MKTVX1#show file-sync load-file-status
Download of EAPTLS10 trustpoint is complete

but the file sync fails

AP08 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP07 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP26 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP03 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


Upload the guide I was fallowing for reference.

Any idea please?

Regards
Bart
Original Message:
Sent: 11-25-2021 16:54
From: Ovais Qayyum
Subject: Wing EAP-TLS help

Hi Bart,
That guide addresses the use case where the WiNG AP/Controller is used as a Radius server and implements EAP-TLS as the authentication method. Of course, that would require you to add certificates to the AP/controllers that are working as Radius server. Usually, you won't use your wireless infrastructure to perform authentication specially in case of EAP-TLS. Not saying its not possible, but its just not done widely. 

In your environment, do you have a Radius server or NAC perhaps that could be used to authenticate Domain computers/user using EAP-TLS? it would be more scalable and easier to maintain.       

Regards,
Ovais
Original Message:
Sent: 11-24-2021 06:05
From: Bart Bielewicz
Subject: Wing EAP-TLS help

Hi,

I've been fallowing the below guide for EAP-TLS. Would anyone got more documentation please? This is the first time im trasked with EAP-TLS and could fo with more info.

How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal

Force		remove preview
How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal First of all, make sure you have following done: proper PKI setup to issue certificates for clients & trustpoints your wireless client has proper personal | machine certificate installed with corresponding private key your APs have a valid trustpoint from the same SSL chain of trust If you do not know How to import digital certificate to WiNG controller, follow the relevant article. View this on Force >

Regards
Bart

Hi Bart,

Just to make sure what path should we follow - do you need the WiNG onboard RADIUS server be used to work with EAP-TLS, or would proxying to your existing RADIUS do the work?

Cheers,
Tomasz
Original Message:
Sent: 11-26-2021 05:26
From: Bart Bielewicz
Subject: Wing EAP-TLS help

Hi Ovais,

Thanks for responding...

Yes, we do have the radius server on the network.

We actually moved a couple of steps forward since my post. as I managed to get a bit better documentation from extreme.

The current issue is that the trustpoint file-sync command fails. Basically, the bundle has been loaded on to VX controller but the file has since failed.

MKTVX1#show file-sync load-file-status
Download of EAPTLS10 trustpoint is complete

but the file sync fails

AP08 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP07 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP26 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP03 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


Upload the guide I was fallowing for reference.

Any idea please?

Regards
Bart
Original Message:
Sent: 11-25-2021 16:54
From: Ovais Qayyum
Subject: Wing EAP-TLS help

Hi Bart,
That guide addresses the use case where the WiNG AP/Controller is used as a Radius server and implements EAP-TLS as the authentication method. Of course, that would require you to add certificates to the AP/controllers that are working as Radius server. Usually, you won't use your wireless infrastructure to perform authentication specially in case of EAP-TLS. Not saying its not possible, but its just not done widely. 

In your environment, do you have a Radius server or NAC perhaps that could be used to authenticate Domain computers/user using EAP-TLS? it would be more scalable and easier to maintain.       

Regards,
Ovais
Original Message:
Sent: 11-24-2021 06:05
From: Bart Bielewicz
Subject: Wing EAP-TLS help

Hi,

I've been fallowing the below guide for EAP-TLS. Would anyone got more documentation please? This is the first time im trasked with EAP-TLS and could fo with more info.

How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal

Force		remove preview
How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal First of all, make sure you have following done: proper PKI setup to issue certificates for clients & trustpoints your wireless client has proper personal | machine certificate installed with corresponding private key your APs have a valid trustpoint from the same SSL chain of trust If you do not know How to import digital certificate to WiNG controller, follow the relevant article. View this on Force >

Regards
Bart

Thanks for sharing this info this is useful keep it up.
mcdvoice customer survey
Original Message:
Sent: 12-10-2021 15:44
From: Tomasz
Subject: Wing EAP-TLS help

Hi Bart,

Just to make sure what path should we follow - do you need the WiNG onboard RADIUS server be used to work with EAP-TLS, or would proxying to your existing RADIUS do the work?

Cheers,
Tomasz
Original Message:
Sent: 11-26-2021 05:26
From: Bart Bielewicz
Subject: Wing EAP-TLS help

Hi Ovais,

Thanks for responding...

Yes, we do have the radius server on the network.

We actually moved a couple of steps forward since my post. as I managed to get a bit better documentation from extreme.

The current issue is that the trustpoint file-sync command fails. Basically, the bundle has been loaded on to VX controller but the file has since failed.

MKTVX1#show file-sync load-file-status
Download of EAPTLS10 trustpoint is complete

but the file sync fails

AP08 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP07 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP26 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP03 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


Upload the guide I was fallowing for reference.

Any idea please?

Regards
Bart
Original Message:
Sent: 11-25-2021 16:54
From: Ovais Qayyum
Subject: Wing EAP-TLS help

Hi Bart,
That guide addresses the use case where the WiNG AP/Controller is used as a Radius server and implements EAP-TLS as the authentication method. Of course, that would require you to add certificates to the AP/controllers that are working as Radius server. Usually, you won't use your wireless infrastructure to perform authentication specially in case of EAP-TLS. Not saying its not possible, but its just not done widely. 

In your environment, do you have a Radius server or NAC perhaps that could be used to authenticate Domain computers/user using EAP-TLS? it would be more scalable and easier to maintain.       

Regards,
Ovais
Original Message:
Sent: 11-24-2021 06:05
From: Bart Bielewicz
Subject: Wing EAP-TLS help

Hi,

I've been fallowing the below guide for EAP-TLS. Would anyone got more documentation please? This is the first time im trasked with EAP-TLS and could fo with more info.

How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal

Force		remove preview
How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal First of all, make sure you have following done: proper PKI setup to issue certificates for clients & trustpoints your wireless client has proper personal | machine certificate installed with corresponding private key your APs have a valid trustpoint from the same SSL chain of trust If you do not know How to import digital certificate to WiNG controller, follow the relevant article. View this on Force >

Regards
Bart