Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

161

162

163

164

165

166

167

168

169

170

After completing the above-mentioned configuration steps, you can authenticate the SSID users against the

configured dynamic RADIUSproxy parameters.

Enabling Dynamic RADIUS Proxy

You can enable RADIUS Server Support using the Instant UI or CLI.

In the Instant UI

To enable RADIUS server support:

1. In the Instant main window, click the System link. The System window is displayed.

2. In the General tab of System window, select Enabled from the Dynamic RADIUS Proxy drop-down list.

3. Click OK.

When dynamic RADIUS proxy is enabled, ensure that a static Virtual Controller IP is configured. For more

information on configuring Virtual Controller IP address, see Configuring Virtual Controller IP Address on page 76.

When dynamic RADIUS proxy is enabled, the Virtual Controller network uses the IP Address of the Virtual

Controller for communication with external RADIUS servers. Ensure that the Virtual Controller IP Address is set as

a NAS IP when configuring RADIUS server attributes with dynamic RADIUS proxy enabled. For more information

on configuring RADIUS server attributes, see Configuring an External Server for Authentication on page 158.

In the CLI

To enable the dynamic RADIUS proxy feature:

(Instant AP)(config)# dynamic-radius-proxy

(Instant AP)(config)# end

(Instant AP)# commit apply

Configuring Dynamic RADIUS Proxy Parameters for Authentication Servers

You can configure DRP parameters for the authentication server by using the Instant UI or CLI.

In the Instant UI

1. Click the Security>Authentication Servers.

2. To create a new server, click New and configure the required RADIUSserver parameters as described in Table

32.

3. Ensure that the following dynamic RADIUS proxy parameters are configured:

l DRP IP— IP address to be used as source IP for RADIUS packets

l DRP Mask—Subnet mask of the DRP IP address.

l DRP VLAN—VLAN in which the RADIUS packets are sent.

l DRP Gateway—Gateway IP address of the DRP VLAN.

4. Click OK.

In the CLI

To configure dynamic RADIUS proxy parameters:

(Instant AP)(config)# wlan auth-server <profile-name>

(Instant AP)(Auth Server <profile-name>)# ip <IP-address>

(Instant AP)(Auth Server <profile-name>)# key <key>

(Instant AP)(Auth Server <profile-name>)# port <port>

(Instant AP)(Auth Server <profile-name>)# acctport <port>

(Instant AP)(Auth Server <profile-name>)# nas-id <NAS-ID>

(Instant AP)(Auth Server <profile-name>)# nas-ip <NAS-IP-address>

(Instant AP)(Auth Server <profile-name>)# timeout <seconds>

(Instant AP)(Auth Server <profile-name>)# retry-count <number>

Aruba Instant 6.4.0.2-4.1 | User Guide Authentication and User Management | 163