Hello and welcome. My name is Tyler McMahon with Aruba, a Hewlett Packard Enterprise company. And this is part 2, video 17, which is going to be the first task in lab 4. So in this task, we're going to be taking a look at the process of getting a client connected to the network using 802.1X and eventually EAP-TLS. In this first task, what we're going to do is connect the client to the lab network using a wired connection on our 3810 and validate that we are connected without really authenticating, enable a wired connection and use that to onboard and get the certs that we need to be associated. So let's jump on in. Right. [MUSIC]

Alright, so the first task here is we are going to connect from the wired wireless test client on port 16 to our Aruba 3810. And that connection is just going to work because we haven't enabled authentication on any of the ports yet on the switch side. But we will. Once we've enabled authentication, we can bounce that authentication to ClearPass, who can then validate that our credentials are correct in Active Directory. Prior to this, we did show setting up SSH to log in and use our SSH TACACS credentials to carry the traffic to ClearPass and authenticate. So in this one, we're going to take the open connection, download our certs through an onboard app that ClearPass has available to us. And once those certs are installed, we can go ahead and turn on the wired authentication. And then in the next lab, lab 5, we'll demonstrate this on the wireless. Let's do the wired side first.

So the first thing is, I'm going to go to my wireless machine here. And just to validate that I am connected, I can do an ipconfig. And with ipconfig, you can see that we are indeed connected on our lab NIC that we have pointing to our 3810. This particular interface, if I were to pop it open, there it is, right there. You can right-click on it.
And if you've enabled the authentication option here in your services, you can do this in Windows and in other operating systems. You can check the box to enable authentication. And then provide a certificate or do a user name and password. I'm going to leave this unchecked, and just to show you that it is working, I'll go ahead and disconnect, re-enable, reconnect here, and as soon as I do, within a few seconds we're up and running and we've got that IP address and I can ping ClearPass and get a response back. And everything looks great so far. And ClearPass, if I opened up my Access Tracker and I take a look, there is no current connection coming from my particular user. I didn't provide a username and password at this point, but I will.

So the next step is we're going to use this open connection to go ahead and download a cert from one of ClearPass's features here, which is this onboard function that you can use with ClearPass. Pretty neat. What this will do is it will automatically install a service certificate from my certificate authority in my domain, and it will embed that onto my client machine as well as setting up a local client certificate that I can use on the wired or wireless side to identify myself as an employee or contractor or whatever I like.

So the first step is make sure you're connected. Second step is I'm going to open up a browser page to ClearPass. And I'm going to the onboard function here. The reason I'm getting this error message is because the certificate that's being handed to me is signed by the certificate authority in our company or in our lab. And I don't have the root certificate in my root CA. So if I go to certs.msc on Windows, this is a little file here that allows you to look at your trusted certificates. And if I scroll down here, there is no training dash ARUBA.AD.CA. So if you look alphabetically, no, it's not there.
I need that to be able to go to websites that are signed by that cert, to be able to do RADIUS that's signed by that cert, to be able to authenticate anything signed in that root certificate authority trust chain. I need that cert. So that's going to be the first step. The second step is I'll install a personal certificate that identifies me as the user in this network. This mobile device, this laptop, will be authenticated using a certificate.

So, with that web page open, I'm going to go ahead and just accept the certificate for now and get access. You could also provide this through a guest page or a link. As long as this device is brought in and in a trusted connection, we'll go ahead and log in. Now it does require that I authenticate myself. So I'm going to go and do that and log in with the credentials that the lab requires for me to be an employee. And let's go ahead and do that. ClearPass then sees through my browser that I'm a Windows machine. And so it provides me the onboarding application for Windows. If I was on an Apple device, that would provide me the Apple credentials, or Mac OS X. If I was on a Linux machine, it would provide me with a tar file to download. But in Windows, it's a simple executable. I click it. It downloads and boom, I am connected. So I go and launch it.

Alright, so the quick connect Aruba app is now ready to run. Once it's started, any user, any contractor, any employee is probably going to be able to do this themselves. You simply click next, and it will give you a few pop-ups here. The first one is you're about to install a root CA from a certificate authority called Training Aruba Active Directory CA. I need this as the basis of my trust. So, yes, I'm going to install that certificate. And then it says, let's see, you're about to onboard your identity here. Do you want to trust this as well? Yes, I do, and that's pretty much it. I'm done.
In addition to that, because whoever set up ClearPass also put in a wireless profile, I'll have a wireless profile ready to go, to get me connected to my corporate network. I'm finished. That's it. So while the whole process of onboarding and setting that up in ClearPass, we'll save that for another advanced course. The results you can't really argue with: device provisioning is complete.

And with that loaded, let's go down to certificates, where this new cert has been added, the training Aruba.AD.CA. I can double-click on this. Check the validity date. Look at the details of it, but basically this is the CA, the certificate authority that we have throughout our environment. In addition to that, I can go to personal certs. I now have a certificates folder that wasn't there before. And lo and behold, there's my login, the table 14 cert that's been installed. This is my client identification cert that is unique to my user identity. I can also install a separate cert for the device I was on. So you can authenticate the machine and the user. With those certs installed, I'm ready to go ahead and join the network. So let's take a look.