This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Wing EAP-TLS help

Wing EAP-TLS help

Bart_Bielewicz
New Contributor II

‎11-24-2021 06:06 AM

Hi,

I've been fallowing the below guide for EAP-TLS. Would anyone got more documentation please? This is the first time im trasked with EAP-TLS and could fo with more info.

How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Porta...
Force remove preview
How To: How to configure WiNG based RADIUS server to process EAP-TLS authentication? | Extreme Portal
First of all, make sure you have following done: proper PKI setup to issue certificates for clients & trustpoints your wireless client has proper personal | machine certificate installed with corresponding private key your APs have a valid trustpoint from the same SSL chain of trust If you do not know How to import digital certificate to WiNG controller, follow the relevant article.
View this on Force >

Regards
Bart
5 REPLIES 5

Ovais_Qayyum
Extreme Employee

‎11-25-2021 04:55 PM

Hi Bart,
That guide addresses the use case where the WiNG AP/Controller is used as a Radius server and implements EAP-TLS as the authentication method. Of course, that would require you to add certificates to the AP/controllers that are working as Radius server. Usually, you won't use your wireless infrastructure to perform authentication specially in case of EAP-TLS. Not saying its not possible, but its just not done widely. 

In your environment, do you have a Radius server or NAC perhaps that could be used to authenticate Domain computers/user using EAP-TLS? it would be more scalable and easier to maintain.       

Regards,
Ovais

Bart_Bielewicz
New Contributor II
In response to Ovais_Qayyum

‎11-26-2021 05:27 AM

Hi Ovais,

Thanks for responding...

Yes, we do have the radius server on the network.

We actually moved a couple of steps forward since my post. as I managed to get a bit better documentation from extreme.

The current issue is that the trustpoint file-sync command fails. Basically, the bundle has been loaded on to VX controller but the file has since failed.

MKTVX1#show file-sync load-file-status
Download of EAPTLS10 trustpoint is complete

but the file sync fails

AP08 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP07 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP26 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


AP03 failed 2021-11-25 11:28:01 3 MKTVX1 Error in loading trustpoint


Upload the guide I was fallowing for reference.

Any idea please?

Regards
Bart
Preview file
991 KB
0 Kudos

Tomasz
Valued Contributor II
In response to Bart_Bielewicz

‎12-10-2021 03:44 PM

Hi Bart,

Just to make sure what path should we follow - do you need the WiNG onboard RADIUS server be used to work with EAP-TLS, or would proxying to your existing RADIUS do the work?

Cheers,
Tomasz
0 Kudos

jamesanderson23
New Contributor
In response to Tomasz

‎06-14-2023 03:14 AM - edited ‎06-14-2023 03:15 AM

one of the best information thanks for sharing tomas 

paint spray

0 Kudos
GTM-P2G8KFN