Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(

161

162

163

164

165

166

167

168

169

170

2. In the Edit <profile-name> or New WLAN window, ensure that all required WLAN and VLAN attributes are

defined, and then click Next.

3. In the Security tab, select Enabled from the MAC authentication drop-down list, for Personal or Open

security level.

4. Specify the type of authentication server to use.

5. If the internal authentication server is used, perform the following steps to allow MAC address based

authentication:

a. Click the Users link against the Internal server field. The Users window is displayed.

b. Specify the client MAC address as the user name and password.

c. Specify the type of the user (employee or guest).

d. Click Add.

e. Repeat the steps to add more users.

f. Click OK.

6. To allow the IAP to use a delimiter in the MAC authentication request, specify a character (for example, colon or

dash) as a delimiter for the MAC address string. For example, if you specify the colon as a delimiter, MAC

addresses in the xx:xx:xx:xx:xx:xx format are used. If the delimiter is not specified, the MAC address in the

xxxxxxxxxxxx format is used.

7. To allow the IAP to use uppercase letters in the MAC address string, set Uppercase support to Enabled.

8. Configure other parameters as required.

9. Click Next to define access rules, and then click Finish to apply the changes.

In the CLI

To configure MAC-address based authentication with external server:

(Instant AP)(config)# wlan ssid-profile <name>

(Instant AP)(SSID Profile <name>)# type {<Employee> | <Voice>| <Guest>}

(Instant AP)(SSID Profile <name>)# mac-authentication

(Instant AP)(SSID Profile <name>)# mac-authentication-delimiter <delim>

(Instant AP)(SSID Profile <name>)# mac-authentication-upper-case

(Instant AP)(SSID Profile <name>)# external-server

(Instant AP)(SSID Profile <name>)# auth-server <server-name1>

(Instant AP)(SSID Profile <name>)# auth-server <server-name2>

(Instant AP)(SSID Profile <name>)# server-load-balancing

(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>

(Instant AP)(SSID Profile <name>)# end

(Instant AP)# commit apply

To add users for MAC authentication based on internal authentication server:

(Instant AP)(config)# user <username> [<password>] [portal| radius]

(Instant AP)(config)# end

(Instant AP)# commit apply

Configuring MAC Authentication for Wired Profiles

You can configure MAC authentication for a wired profile in the Instant UI or CLI.

In the Instant UI

To enable MAC authentication for a wired profile:

1. Click the Wired link under More at the top right corner of the main window. The Wired window is displayed.

2. Click New under Wired Networks to create a new network or select an existing profile for which you want to

enable MAC authentication and then click Edit.

Aruba Instant 6.4.0.2-4.1 | User Guide Authentication and User Management | 167