Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

111

112

113

114

115

116

117

118

119

120

115 | Wired Profiles Aruba Instant 6.4.0.2-4.1 | User Guide

(Instant AP)# commit apply

To configure a new VLAN assignment rule:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# set-vlan <attribute>{equals| not-equals| starts-with|

ends-with| contains| matches-regular-expression} <operator> <VLAN-ID>| value-of}

(Instant AP)(wired ap profile <name>)# end

(Instant AP)# commit apply

Configuring Security Settings for a Wired Profile

If you are creating a new wired profile, complete the Wired Settings and VLAN procedures before specifying security

settings. For more information, see Configuring Wired Settings on page 112 and Configuring VLAN Settings for a

WLAN SSID Profile on page 97.

Configuring Security Settings for a Wired Employee Network

You can configure security parameters for an employee network by using the Instant UI or CLI.

In the Instant UI

To configure security parameters for an employee network:

1. Configure the following parameters in the Security tab.

l MAC authentication — To enable MAC authentication, select Enabled. The MACauthentication is disabled

by default.

l 802.1X authentication — To enable 802.1X authentication, select Enabled.

l MAC authentication fail-thru — To enable authentication fail-thru, select Enabled. When this feature is

enabled, 802.1X authentication is attempted when MAC authentication fails. The MAC authentication fail-

thru checkbox is displayed only when both MAC authentication and 802.1X authentication are Enabled.

l Select any of the following options for Authentication server 1:

n New — On selecting this option, an external RADIUS server must be configured to authenticate the users.

For information on configuring an external server, see Configuring an External Server for Authentication on

page 158.Authentication and User Management on page 141

n Internal server— If an internal server is selected, add the clients that are required to authenticate with the

internal RADIUS server. Click the Users link to add the users. For information on adding a user, see

Managing IAP Users on page 141.

l Reauth interval — Specify the interval at which all associated and authenticated clients must be

reauthenticated.

l Load balancing— Set this to Enabled if you are using two RADIUS authentication servers, so that the load

across the two RADIUSservers is balanced. For more information on the dynamic load balancing

mechanism, see Dynamic Load Balancing between Two Authentication Servers on page 155.

2. Click Next. The Access tab details are displayed.

In the CLI

To configure security settings for an employee network:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# mac-authentication

(Instant AP)(wired ap profile <name>)# l2-auth-failthrough

(Instant AP)(wired ap profile <name>)# auth-server <name>

(Instant AP)(wired ap profile <name>)# server-load-balancing

(Instant AP)(wired ap profile <name>)# radius-reauth-interval <Minutes>

(Instant AP)(wired ap profile <name>)# end

(Instant AP)# commit apply