Manualshelf

Owners manual

ManualsBrandsARUBA NETWORKS ManualsComputers & LaptopsAruba Instant IAP-325 IEEE 802.11ac 1.69 Gbit/s Wireless Access Point - 2.40 GHz, 5 GHz - 8 x Antenna(s) - 8 x Internal Antenna(
371372373374375376377378379380
Configuration Steps CLI Commands UI Procedure
(ap)(SSID Profile "wireless-ssid")# essid wireless-
ssid
(ap)(SSID Profile "wireless-ssid")# opmode wpa2-aes
(ap)(SSID Profile "wireless-ssid")# vlan 30
(ap)(SSID Profile "wireless-ssid")# auth-server
server1
(ap)(SSID Profile "wireless-ssid")# auth-server
server2
(ap)(SSID Profile "wireless-ssid")# auth-
survivability
Configure a wireless SSID is configured to operate in L3 mode for
contractor and associate distributed L3 mode VLAN 40 to the
WLAN SSID profile.
(ap)(config) # wlan ssid-profile wireless-ssid-
contractor
(ap)(SSID Profile "wireless-ssid-contractor")#
enable
(ap)(SSID Profile "wireless-ssid-contractor")# type
employee
(ap)(SSID Profile "wireless-ssid-contractor")# essid
wireless-ssid-contractor
(ap)(SSID Profile "wireless-ssid-contractor")#
opmode wpa2-aes
(ap)(SSID Profile "wireless-ssid-contractor")# vlan
40
(ap)(SSID Profile "wireless-ssid-contractor")# auth-
server server1
(ap)(SSID Profile "wireless-ssid-contractor")# auth-
server server2
(ap)(SSID Profile "wireless-ssid-contractor")# auth-
survivability
7. Create access rule for
wired and wireless
authentication. In this
example, the rule permits
all traffic. For contractor
SSID role, the rule allows
only 10.16.0.0/16 network
and all other traffic
address is translated at
the source and the global
routing profile definition is
bypassed.
For wired profile:
(ap)(config)# wlan access-rule wired-port
(ap)(Access Rule "wired-port")# rule any any match
any any any
permit
For WLAN SSID employee roles:
(ap)(config)# wlan access-rule wireless-ssid
(ap)(Access Rule "wireless-ssid")# rule any any
match any any any permit
For WLAN SSID contractor roles:
(ap)(config)# wlan access-rule wireless-ssid-
contractor
(ap)(Access Rule "wireless-ssid-contractor")# rule
10.16.0.0 255.255.0.0 match any any any permit
(ap)(Access Rule "wireless-ssid-contractor")# rule
any any match any any any src-nat
See
Configuring
AccessRules
for Network
Services
NOTE: Ensure that you execute the commit apply command in the Instant CLI before saving the configuration and
propagating changes across the IAP cluster.
Table 74:
IAP Configuration for Scenario 3 - IPSec: Multiple Datacenter Deployment
Aruba Instant 6.4.0.2-4.1 | User Guide IAP-VPN Deployment Scenarios | 374