Table of Contents
Advertisement
Table 23: Configuration Parameters for WLAN Security Settings in an Employee or Voice Network
Parameter
Authentication
server 1 and
Authentication
server 2
Load
balancing
Reauth
interval
94
| Wireless Network Profiles
Description
When Termination is enabled, the IAP by itself acts as an authentication
server and terminates the outer layers of the EAP protocol, only relaying the
innermost layer to the external RADIUS server. It can also reduce the
number of exchange packets between the IAP and the authentication
server.
NOTE: Instant supports the configuration of primary and backup
authentication servers in an EAP termination-enabled SSID.
NOTE: If you are using LDAP for authentication, ensure that IAP termination
is configured to support EAP.
Select any of the following options from the Authentication server 1 drop-
down list:
Select an authentication server from the list if an external server is
l
already configured. To modify the server parameters, click Edit.
Select New to add a new server.
l
For information on configuring external servers, see
External Server for Authentication on page
To use an internal server, select Internal server and add the clients that
l
are required to authenticate with the internal RADIUS server. Click the
Users link to add the users. For information on adding a user, see
Managing IAP Users on page
If an external server is selected, you can also configure another
authentication server.
Set this to Enabled if you are using two RADIUS authentication servers, so
that the load across the two RADIUS servers is balanced. For more
information on the dynamic load balancing mechanism, see
Balancing between Two Authentication Servers on page
Specify a value for Reauth interval. When set to a value greater than zero,
IAPs periodically reauthenticate all associated and authenticated clients.
The following list provides descriptions for three reauthentication interval
configuration scenarios:
When Reauth interval is configured on an SSID performing L2
l
authentication (MAC or 802.1X authentication)—When reauthentication
fails, the clients are disconnected. If the SSID is performing only MAC
authentication and has a pre-authentication role assigned to the client,
the client will get a post-authentication role only after a successful
reauthentication. If reauthentication fails, the client retains the pre-
authentication role.
When Reauth interval is configured on an SSID performing both L2 and
l
L3 authentication (MAC with captive portal authentication)—When
reauthentication succeeds, the client retains the role that is already
assigned. If reauthentication fails, a pre-authentication role is assigned
to the client.
Configuring an
156.
143.
156.
Security
Level
Enterprise,
Personal, and
Open security
levels.
Enterprise,
Personal, and
Dynamic Load
Open security
levels.
Enterprise,
Personal, and
Open security
levels.
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Hide quick links:
Advertisement
Table of Contents
