cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
643
Views
0
Helpful
1
Replies

LDAP issue with ISE/Aruba wireless and Eduroam

Dan Eyster
Cisco Employee
Cisco Employee

One of my customers is using ISE and Aruba wireless.  The Aruba wireless is broadcasting a Eduroam SSID.  They are having issues with students authenticating to the Eduroam SSID.  Below is the description of the issue:

 

"The problem is in the user authentication from ISE to LDAP.  According to Eduroam enigneers, the password needs to be unhashed from ISE to LDAP in order for it to work.  What was recommended was TTLS PAP.  On the Aruba controllers, that is not an option that we can see.  Options are TLS/GTC or PEAP/MSCHAPV2.   So the question is, are there any other clients with an Aruba install broadcasting an Eduroam SSID, utilizing ISE with LDAP as their external identity server?  I know another customer is currently running an Aruba install with ISE but are running it against AD.  Which works well in our environment as well.  But all of the student records are within LDAP."

 

The customer was provided with this following guide: 

https://communities.cisco.com/docs/DOC-75525

 

They also have a TAC case open as well.  

 

Any help is appreciated.

 

Thanks,

 

Dan

1 Reply 1

hslai
Cisco Employee
Cisco Employee

I do not think it matters what EAP options in the controllers have, because the controllers are proxying the EAP requests to the RADIUS server(s) (ISE in this case) but not terminating EAP itself.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: