11-12-2019 11:10 AM
Is it possible to have a laptop authenticate using certificate-based authentication only, directly on an AP?
The APs/laptops have no direct communication back to a RADIUS/domain server as it's a standalone site.
As the laptops already have the correct device certificates installed, are we able to install the Root CA certificate directly onto the APs to allow these laptops to connect?
Cheers
Shane
11-13-2019 03:51 PM
Hey Shane,
You do have a couple of options: either use an AP as a RADIUS server with a local user database, or use our XIQ auth service hosted in our public cloud for the user database. The cloud option will not use your cert, as the APs use RADSEC to create a secure tunnel to our cloud and then pass PSKs with a linked username (either an email address or end user specified name) to auth with.
11-13-2019 02:45 PM
This doesn't help.
As stated the APs have no connection back to any AD Servers.
The APs must be able to authenticate the laptop without any further communication.
Regards
Shane
11-12-2019 01:22 PM
Hey Shane,
You can configure an Aerohive AP to act as the RADIUS as it runs a version of FreeRADIUS. Here is an older document on the process, but it is still the same in XIQ.
Basically give an AP a static IP address, configure the SSID to use enterprise authentication and then within the SSID configure the AD connector to allow the AP to use your domain controller for certificate authentication.
http://docs.aerohive.com/330000/docs/guides/EAP-TLS_AerohiveRADIUS-AD_Integration.pdf