Solved: Guest CWA on Aruba Wireless controller

Neelesh Marathe · ‎07-19-2016

Team,

Could you please help me with link to download 'how to guide for Guest CWA with Aruaba on ISE 2.0.1,. I did find some links but all documents are using Aruba iAP for demonstrating the use case. Options and settings are different in Aruba AP and WLC and I want the document for Aruba Wireless controller

I am working on ISE opportunity where I need to showcase guest usecase on Aruba devices. Customer is having Aruba 3600 with OS 6.4

Thanks,

Neelesh Marathe

thomas · ‎07-19-2016

Did you look at our ISE Design & Integration Guides?

Specifically, the section for Aruba Wireless?

View solution in original post

thomas · ‎07-19-2016

Did you look at our ISE Design & Integration Guides?

Specifically, the section for Aruba Wireless?

Neelesh Marathe · ‎07-19-2016

Hello Thomas,

Thanks for the pointers. I checked these already. ISE 2.0 3rd party integration with Aruba explains the BYOD flow with Aruba AP. Other guide explains the flow with Aruba controller using ISE 1.2. is it still valid for ISE 2.0.1?

I did observe that settings are different in Aruba AP and Aruba controllers.

Thanks,

Neelesh Marathe

Neelesh Marathe · ‎07-20-2016

Team,

We referred both the documents but redirection on Aruba device is not working. We can see ISE is giving redirect URL and ACL in ISE logs.As there is no option in Aruba GUI to define CoA port in in RFC, we have defined it through CLI and updated the firewall policies on Aruba. We do have TAC case opened for this and engineer has mentioned that TAC is not responsible for Aruba part if ISE is giving correct attributes. TAC engineer has provided the same document which again uses Aruba AP as test component.

I might be making some mistake here while configuring the Aruba and for the same reason, I want updated 'how to guide' specific to Aruba WLC and not AP with newer ISE versions. So I can validate if settings are correct. Customer is having Aruba 3600 with OS 6.4.

Thanks,

Neelesh Marathe

Craig Hyps · ‎07-20-2016

ISE does not need to return a URL redirect to Aruba Controller. Instead, it returns a role authorization. The role will point to policy which points to captive portal which uses the static URL provided in the ISE Authorization Profile where NAD Profile for Aruba Wireless set. NAD Profile also specifies desired CoA port for vendor which is 3799 by default for Aruba.

Be sure to create access control policy which allows access to PSN on guest port (8443 by default). Specify Captive Portal Profile which references the static URL given by ISE.

It sounds like you are a Cisco Partner. If so, you also have access to more detailed training content from Partner Security SEVT sessions delivered on this subject (October 2015 and April 2015). ISE 2.0 Techtorial delivered in October session shows NAD Profile configuration and highlights Aruba wireless use case using Aruba Controller.

/Craig

Arne Bier · ‎09-07-2017

Hi chyps

I went looking for the SEVT documents you referred to above - I can't find them. I also work for a Cisco Partner and I am getting close to needing to integrate Aruba gear into my ISE Guest solution. I would also appreciate some background reading on this - those SEVT sessions sound promising. Is there a link for them?

thanks in advance

Arne

Craig Hyps · ‎09-07-2017

If unable to find partner content, please reach out to your Channel contact.

Also check out Aruba-7005-NAD-Config and ArubaWireless_ArubaOS_6_4_2_5.zip