Equipment in question:
CPPM 6.8.5 deployment
Cisco 8821 WVoIP
Aruba 7205 Mobility Controller
Aruba 535 Access Point
___________________________
My team and I are currently in the process of deploying a new site and in the process of transitioning from Cisco to Aruba organization wide.
We are unable to have the Cisco 8821 connect via EAP-FAST through CPPM.
Our current Cisco ISE environment has 8821s authenticating against it using EAP-FAST.
Using the same service policy in CPPM using an IOS device we are able to connect, profile, and be assigned a COA on the same voice SSID.
When attempting with a Cisco 8821 we are unable to connect. We are suspecting it may be a certificate issue since we are using the stock manufacturer cert and root CA for the WVoIPs.
When we import the manufacturer cert and root CA from ISE into CPPM for the Cisco 8821s, all profiling breaks on both wired and wireless... very interesting.
When using PEAP-MSCHAPv2 on the WVoIP it will authenticate and profile. We cannot change our 8821's config since they are all in production spread throughout a Cisco environment of 40+ healthcare sites.
Results of WLAN PCAP:
Probe
Auth
Assoc. Request
Response, ID
Encrypted handshake message
Change Cipher Spec, Encrypted handshake method
App data (x5)
Disassoc.
*Restart process*
Do any Aruba customers out there currently have cross-pollinated environments with Cisco and Aruba? Do you also have 8821s in your environment going through CPPM? Any insight or thoughts would be awesome!!
We have spent a bunch of time with TAC and Aruba SEs. We are looking to hear, from a customer standpoint, how this was deployed in your environments.