This will be my third question on the topic IF-MAP, mostly because it is hard to find a lot about this topic.
First some observations
Configuration on AOS10:
- Add PEM root certificate to Aruba central
- Load this certificate as a VPN cert
- Configure ifmap at the CLI level of the gateway
On AOS8, I used the following configuration:
- Add PEM root certificate as trusted CA at the Mobility Conductor level
- Configure ifmap at the CLI level of the conductor
Is that the right way to configure ifmap? Should the conductor be sending the metadata to ClearPass instead of the controller?
I also noticed that this certificate loaded at the Conductor level is also sufficient for using Dowloadable user roles.
As you can see below there is no TrustedCA at the user level
But downloadable user roles are working
------------------------------
Martijn van Overbeek
Architect, Netcraftsmen a BlueAlly Company
------------------------------