Cloud Managed Networks

  • 1.  Central NAC onboarding issue

    Posted 7 days ago

    Hello all,

    I'm creating a test environment with Central NAC and Aruba Onboarding.

    I'm stuck on an issue with a client attempting to connect to my test SSID. It's downloaded the network profile through the HPE Onboarding app, but when it tries to connect to the SSID it rejects the authentication certificate.

    I followed the instructions shown here for the authentication profile: Authentication and Authorization

    My problem is that in the instructions for the Authentication Profile, it shows EAP as an Authentication Type option.  Then at the bottom you get options for selecting the Default Certificate or using a Custom one.

    In my environment, I don't have just EAP as an option.  I only have EAP-TLS.  This doesn't provide options on the bottom to select a certificate.  So where do I set a certificate now to provide to the client?  

    Thanks!



  • 2.  RE: Central NAC onboarding issue
    Best Answer

    Posted 7 days ago

    EAP has been renamed to EAP-TLS in the Authentication Profile. So that is correct.

    Did you check if any request is reaching Central NAC? Please go to Central NAC > Clients. 

    If you don't see the Wireless 802.1x request on that page there is probably an issue between the AP and Central NAC. Make sure TCP port 2083 (RadSec) is allowed from the AP to Central NAC.

    Please also check the client in Central monitoring. It is probably listed under the failed clients. Simply search for the MAC address in the Search Bar. This can help to root cause the issue.



    ------------------------------
    Willem Bargeman
    Systems Engineer Aruba
    ACEX #125
    ------------------------------
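
The port check suggested in the reply above, as an added example that is not part of the original thread or any HPE tooling: a TCP probe that distinguishes a silently dropped connection (typical of a firewall block) from a refused or successful one. The target hostname is not given in the thread, so it is passed as an argument; `probe_tcp` is a name chosen for this sketch.

```python
import socket
import sys

RADSEC_PORT = 2083  # TCP port for RadSec, as named in the reply above


def probe_tcp(host, port=RADSEC_PORT, timeout=3.0):
    """Classify a TCP connect attempt.

    'open'       - three-way handshake completed (path is allowed)
    'refused'    - target or a device in the path answered with a reset
    'filtered'   - no answer before the timeout, or host unreachable;
                   this is what a firewall drop rule usually looks like
    'unresolved' - the name could not be resolved
    """
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"
    result = "filtered"
    for family, socktype, proto, _, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return "open"
            except ConnectionRefusedError:
                result = "refused"
            except OSError:
                # Timeouts and unreachable errors: try the next address.
                continue
    return result


if __name__ == "__main__":
    # Assumption: argv[1] is the RadSec endpoint your APs are configured
    # to reach. Run this from the AP's VLAN/subnet so the probe crosses
    # the same firewall policy as the AP's own traffic.
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <radsec-endpoint-hostname>")
    print(f"{sys.argv[1]}:{RADSEC_PORT} -> {probe_tcp(sys.argv[1])}")
```

A result of `open` only shows that TCP is permitted from the probing host; firewall rules keyed on source address can still treat the AP differently, so confirm against the firewall log for the AP's IP.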



  • 3.  RE: Central NAC onboarding issue

    Posted 6 days ago

    You nailed it, that's exactly what it was.  My client wouldn't even show up as a failed attempt in Central.  Then I looked up the IP address of the AP in the firewall and RadSec was being blocked.  As soon as I allowed that out, my client connected.

    Thank you!