Table of Contents
Advertisement
Table 23: Configuration Parameters for WLAN Security Settings in an Employee or Voice Network
Parameter
Blacklisting
Accounting
Authentication
survivability
MAC
authentication
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Description
When Reauth interval is configured on an SSID performing only L3
l
authentication (captive portal authentication)—When reauthentication
succeeds, a pre-authentication role is assigned to the client that is in a
post-authentication role. Due to this, the clients are required to go
through captive portal to regain access.
To enable blacklisting of the clients with a specific number of authentication
failures, select Enabled from the Blacklisting drop-down list and specify a
value for Max authentication failures. The users who fail to authenticate
the number of times specified in Max authentication failures are
dynamically blacklisted.
Select any of the following options:
To enable accounting, select Use authentication servers from the
l
Accounting drop-down list. On enabling the accounting function, IAPs
post accounting information to the RADIUS server at the specified
Accounting interval.
To use a separate server for accounting, select Use separate servers.
l
The accounting server is distinguished from the authentication server
specified for the SSID profile.
To disable the accounting function, select Disabled.
l
To enable authentication survivability, set Authentication survivability to
Enabled. Specify a value in hours for Cache timeout (global) to set the
duration after which the authenticated credentials in the cache must expire.
When the cache expires, the clients are required to authenticate again. You
can specify a value within a range of 1–99 hours and the default value is 24
hours.
NOTE: The authentication survivability feature requires ClearPass Policy
Manager 6.0.2 or later, and is available only when the New server option is
selected. On setting this parameter to Enabled, Instant authenticates the
previously connected clients using EAP-PEAP authentication even when
connectivity to ClearPass Policy Manager is temporarily lost. The
Authentication survivability feature is not applicable when a RADIUS server
is configured as an internal server.
To enable MAC-address-based authentication for Personal and Open
security levels, set MAC authentication to Enabled.
For Enterprise security level, the following options are available:
Perform MAC authentication before 802.1X—Select this check box to
l
use 802.1X authentication only when the MAC authentication is
successful.
MAC authentication fail-thru—On selecting this check box, the 802.1X
l
authentication is attempted when the MAC authentication fails.
NOTE: If Enterprise Security level is chosen, the server used for mac
Security
Level
Enterprise,
Personal, and
Open security
levels.
Enterprise,
Personal, and
Open security
levels.
Enterprise
security level
Enterprise,
Personal, and
Open security
levels.
Wireless Network Profiles |
95
Hide quick links:
Advertisement
Table of Contents
