Owners manual
102 | Wireless Network Profiles Aruba Instant 6.4.0.2-4.1 | User Guide
Parameter Description
Security Level
Type
l RADIUSServer
l LDAP Server
l CPPMServer for AirGroup CoA
For information on configuring external servers, see Configuring an
External Server for Authentication on page 158.
l To use an internal server, select Internal server and add the clients that
are required to authenticate with the internal RADIUS server. Click the
Users link to add the users. For information on adding a user, see
Managing IAP Users on page 141.
If an external server is selected, you can also configure another
authentication server.
Load balancing Set this to Enabled if you are using two RADIUS authentication servers, so
that the load across the two RADIUSservers is balanced. For more
information on the dynamic load balancing mechanism, see Dynamic Load
Balancing between Two Authentication Servers on page 155.
Enterprise,
Personal, and Open
security levels.
Reauth interval Specify a value for Reauth interval. When set to a value greater than zero,
APs periodically reauthenticate all associated and authenticated clients.
Enterprise,
Personal, and Open
security levels.
Blacklisting
To enable blacklisting of the clients with a specific number of authentication
failures, select Enabled from the Blacklisting drop-down list and specify a
value for Max authentication failures. The users who fail to authenticate the
number of times specified in Max authentication failures field are
dynamically blacklisted.
Enterprise,
Personal, and Open
security levels.
Accounting To enable accounting, select Enabled from the Accounting drop-down list.
On setting this option to Enabled, APs post accounting information to the
RADIUS server at the specified Accounting interval.
Enterprise,
Personal, and Open
security levels.
Authentication
survivability
To enable authentication survivability, set Authentication survivability to
Enabled. Specify a value in hours for Cache timeout (global) to set the
duration after which the authenticated credentials in the cache must expire.
When the cache expires, the clients are required to authenticate again. You
can specify a value within range of 1 to 99 hours and the default value is 24
hours.
NOTE: The authentication survivability feature requires ClearPass Policy
Manager 6.0.2 or later, and is available only when the New server option is
selected authentication. On setting this parameter to Enabled, Instant
authenticates the previously connected clients using EAP-PEAP
authentication even when connectivity to ClearPass Policy Manager is
temporarily lost. The Authentication survivability feature is not applicable
when a RADIUS server is configured as an internal server.
Enterprise security
level
MAC
authentication
To enable MAC address based authentication for Personal and Open
security levels, set MAC authentication to Enabled.
For Enterprise security level, the following options are available:
l Perform MAC authentication before 802.1X — Select this checkbox to
use 802.1X authentication only when the MAC authentication is
successful.
l MAC authentication fail-thru — On selecting this checkbox, the 802.1X
authentication is attempted when the MAC authentication fails.
Enterprise,
Personal, and Open
security levels.
Table 21:
Configuration Parameters for WLANSecurity Settings in an Employee or Voice Network