Table of Contents
Advertisement
Enabling Dynamic RADIUS Proxy
You can enable RADIUS server support using the Instant UI or the CLI.
In the Instant UI
To enable RADIUS server support:
1. In the Instant main window, click the System link. The System window is displayed.
2. On the General tab of the System window, select the RADIUS check box for Dynamic Proxy.
3. Click OK.
When dynamic RADIUS proxy is enabled, the VC network uses the IP Address of the VC for communication
with external RADIUS servers. Ensure that the VC IP Address is set as a NAS IP when configuring RADIUS
server attributes with dynamic RADIUS proxy enabled. For more information on configuring RADIUS server
attributes, see
Configuring an External Server for Authentication on page
In case of VPN deployments, the tunnel IP received when establishing a VPN connection is used as the NAS IP.
In such cases, the VC IP need not be configured for the external RADIUS servers.
In the CLI
To enable the dynamic RADIUS proxy feature:
(Instant AP)(config)# dynamic-radius-proxy
(Instant AP)(config)# end
(Instant AP)# commit apply
Configuring Dynamic RADIUS Proxy Parameters
You can configure DRP parameters for the authentication server by using the Instant UI or the CLI.
In the Instant UI
To configure dynamic RADIUS proxy in the Instant UI:
1. Go to Security > Authentication Servers.
2. To create a new server, click New and configure the required RADIUS server parameters as described in
Table
33.
3. Ensure that the following dynamic RADIUS proxy parameters are configured:
DRP IP—IP address to be used as source IP for RADIUS packets.
l
DRP Mask—Subnet mask of the DRP IP address.
l
DRP VLAN—VLAN in which the RADIUS packets are sent.
l
DRP Gateway—Gateway IP address of the DRP VLAN.
l
4. Click OK.
In the CLI
To configure dynamic RADIUS proxy parameters:
(Instant AP)(config)# wlan auth-server <profile-name>
(Instant AP)(Auth Server <profile-name>)# ip <IP-address>
(Instant AP)(Auth Server <profile-name>)# key <key>
(Instant AP)(Auth Server <profile-name>)# port <port>
(Instant AP)(Auth Server <profile-name>)# acctport <port>
(Instant AP)(Auth Server <profile-name>)# nas-id <NAS-ID>
(Instant AP)(Auth Server <profile-name>)# nas-ip <NAS-IP-address>
(Instant AP)(Auth Server <profile-name>)# timeout <seconds>
(Instant AP)(Auth Server <profile-name>)# retry-count <number>
(Instant AP)(Auth Server <profile-name>)# deadtime <minutes>
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
156.
Authentication and User Management |
163
Hide quick links:
Advertisement
Table of Contents
