Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

151

152

153

154

155

156

157

158

159

160

158 | Authentication and User Management Aruba Instant 6.4.0.2-4.1 | User Guide

3. In the Security tab, under Enterprise security settings, select an existing authentication server or create a new

server by clicking New.

4. To enable authentication survivability, select Enabled from the Authentication survivability drop-down. On

enabling this, the IAP authenticates the previously connected clients using EAP-PEAP and EAP-TLS

authentication when connection to the external authentication server is temporarily lost.

5. Specify the cache timeout duration, after which the cached details of the previously authenticated clients expire.

You can specify a value within the range of 1-99 hours and the default cache timeout duration is 24 hours.

6. Click Next and then click Finish to apply the changes.

Important Points to Remember

l Any client connected through CPPM and authenticated through IAP remains authenticated with the IAP even if

the client is removed from the CPPM server during the CPPM downtime.

l Do not make any changes to the authentication survivability cache timeout duration when the authentication

server is down.

l For EAP-PEAP authentication, ensure that the CPPM 6.0.2 or later version is used for authentication. For EAP-

TLS authentication, any external or third-party server can be used.

l For EAP-TLS authentication, ensure that the server and CAcertificates from the authentication servers are

uploaded on IAP. For more information, see Uploading Certificates on page 174.

In the CLI

To configure authentication survivability for a wireless network:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# type {<Employee> | <Voice>| <Guest>}

(Instant AP)(SSID Profile <name>)# auth-server <server-name1>

(Instant AP)(SSID Profile <name>)# auth-survivability

(Instant AP)(SSID Profile <name>)# exit

(Instant AP)(config)# auth-survivability cache-time-out <hours>

(Instant AP)(config)# end

(Instant AP)# commit apply

To view the cache expiry duration:

(Instant AP)# show auth-survivability time-out

To view the information cached by the IAP:

(Instant AP)# show auth-survivability cached-info

To view logs for debugging:

(Instant AP)# show auth-survivability debug-log

Configuring Authentication Servers

This section describes the following procedures:

l Configuring an External Server for Authentication on page 158

l Configuring Dynamic RADIUSProxy Parameters on page 162

Configuring an External Server for Authentication

You can add an external RADIUS server, LDAP server, CPPM server for AirGroup or CoA through the Instant UI or

CLI.

In 6.4.0.2-4.1 release, you can configure TACACS+ server for authenticating management users. For more