Table of Contents
Advertisement
Configuring 802.1X Authentication for Wireless Network Profiles
You can configure 802.1X authentication for a wireless network profile in the Instant UI or the CLI.
In the Instant UI
To enable 802.1X authentication for a wireless network:
1. On the Network tab, click New to create a new network profile or select an existing profile for which you
want to enable 802.1X authentication and click edit.
2. In the Edit <profile-name> or the New WLAN window, ensure that all required WLAN and VLAN
attributes are defined, and then click Next.
3. On the Security tab, specify the following parameters for the Enterprise security level:
a. Select any of the following options from the Key management drop-down list.
WPA-2 Enterprise
l
WPA Enterprise
l
Both (WPA-2 & WPA)
l
Dynamic WEP with 802.1X
l
4. If you do not want to use a session key from the RADIUS server to derive pairwise unicast keys, set Session
Key for LEAP to Enabled.
5. To terminate the EAP portion of 802.1X authentication on the IAP instead of the RADIUS server, set
Termination to Enabled.
By default, for 802.1X authentication, the client conducts an EAP exchange with the RADIUS server, and the
IAP acts as a relay for this exchange. When Termination is enabled, the IAP by itself acts as an
authentication server and terminates the outer layers of the EAP protocol, only relaying the innermost layer
to the external RADIUS server.
6. Specify the type of authentication server to use and configure other required parameters. You can also
configure two different authentication servers to function as primary and backup servers when
Termination is enabled. For more information on RADIUS authentication configuration parameters, see
Configuring an External Server for Authentication on page
7. Click Next to define access rules, and then click Finish to apply the changes.
In the CLI
To configure 802.1X authentication for a wireless network:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# type {<Employee>|<Voice>}
(Instant AP)(SSID Profile <name>)# opmode {wpa2-aes|wpa-tkip|wpa-tkip,wpa2-aes|dynamic-wep}
(Instant AP)(SSID Profile <name>)# leap-use-session-key
(Instant AP)(SSID Profile <name>)# termination
(Instant AP)(SSID Profile <name>)# auth-server <server1>
(Instant AP)(SSID Profile <name>)# auth-server <server2>
(Instant AP)(SSID Profile <name>)# radius-reauth-interval <minutes>
(Instant AP)(SSID Profile <name>)# auth-survivability
(Instant AP)(SSID Profile <name>)# exit
(Instant AP)(config)# auth-survivability cache-time-out <hours>
(Instant AP)(config)# end
(Instant AP)# commit apply
Configuring 802.1X Authentication for Wired Profiles
You can configure 802.1X authentication for a wired profile in the Instant UI or the CLI.
168
| Authentication and User Management
156.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Hide quick links:
Advertisement
Table of Contents
