Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

161

162

163

164

165

166

167

168

169

170

164 | Authentication and User Management Aruba Instant 6.4.0.2-4.1 | User Guide

(Instant AP)(Auth Server <profile-name>)# deadtime <minutes>

(Instant AP)(Auth Server <profile-name>)# drp-ip <IP-address> <mask> vlan <vlan> gateway

<gateway-IP-address>

(Instant AP)(Auth Server <profile-name>)# end

(Instant AP)# commit apply

Associate the AuthenticationServers with an SSID or Wired Profile

1. Access the WLAN wizard or Wired Settings window.

l To open the WLAN wizard, select an existing SSID in the Network tab, and click edit.

l To open the wired settings window, click More > Wired. In the Wired window, select a profile and click Edit.

You can also associate the authentication servers when creating a new WLAN or wired profile.

2. Click the Security tab.

3. If you are configuring the authentication server for a WLAN SSID, under Security tab, slide to Enterprise

security level.

4. Ensure that an authentication type is enabled.

5. From the Authentication Server 1 drop-down list, select the server name on which dynamic RADIUS proxy

parameters are enabled. You can also create a new server with RADIUS and RADIUSproxy parameters by

selecting New.

6. Click Next and then click Finish.

7. To assign the RADIUSauthentication server to a network profile, select the newly added server when configuring

security settings for a wireless or wired network profile.

You can also add an external RADIUSserver by selecting New for Authentication Server when

configuring a WLAN or wired profile. For more information, see Configuring Security Settings for a WLAN

SSID Profile on page 99 and Configuring Security Settings for a Wired Profile on page 115.

In the CLI

To associate an authentication server to a WLAN SSID:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name># auth-server <server-name>

(Instant AP)(SSID Profile <name># end

((Instant AP)# commit apply

To associate an authentication server to a wired profile:

(Instant AP)(config)# wired-port-profile <name>

(Instant AP)(wired ap profile <name>)# auth-server <name>

(Instant AP)(wired ap profile <name>)# end

(Instant AP)# commit apply

Configuring 802.1X Authentication for a Network Profile

The Instant network supports internal RADIUS server and external RADIUS server for 802.1X authentication.

The steps involved in 802.1X authentication are as follows:

1. The NAS requests authentication credentials from a wireless client.

2. The wireless client sends authentication credentials to the NAS.

3. The NAS sends these credentials to a RADIUS server.

4. The RADIUS server checks the user identity and authenticates the client if the user details are available in its

database. The RADIUS server sends an

Access-Accept

message to the NAS. If the RADIUS server cannot