
Laptop Certificate Based Authentication only


shane_sanderson
New Contributor II

Is it possible to have a laptop authenticate using certificate based authentication only, directly on an AP?

The APs/laptops have no direct communication back to a RADIUS/domain server, as it's a standalone site.

As the laptops already have the correct device certificates installed, are we able to install the Root CA certificate directly onto the APs to allow these laptops to connect?

Cheers

Shane

3 REPLIES

AnonymousM
Valued Contributor II

Hey Shane,

You do have a couple of options: either use an AP as a RADIUS server with a local user database, or use our XIQ auth service hosted in our public cloud for the user database. The cloud option will not use your cert, as the APs use RADSEC to create a secure tunnel to our cloud and then pass PSKs with a linked username (either an email address or end user specified name) to auth with.


shane_sanderson
New Contributor II

This doesn't help.

As stated, the APs have no connection back to any AD servers.

The APs must be able to authenticate the laptop without any further communication.

Regards

Shane

AnonymousM
Valued Contributor II

Hey Shane,

You can configure an Aerohive AP to act as the RADIUS as it runs a version of FreeRADIUS. Here is an older document on the process, but it is still the same in XIQ.

Basically, give an AP a static IP address, configure the SSID to use enterprise authentication, and then within the SSID configure the AD connector to allow the AP to use your domain controller for certificate authentication.

http://docs.aerohive.com/330000/docs/guides/EAP-TLS_AerohiveRADIUS-AD_Integration.pdf
