l
If
Client IP Assignment
is set to
Network Assigned
, specify a value for
Native VLAN
. A VLAN
that does not have a VLAN ID tag in the frames is referred to as Native VLAN. You can specify a value
within the range of 1–4093.
d. If the
Access
mode is selected:
l
If
Client IP Assignment
is set to
Virtual Controller Assigned
, proceed to step 2.
l
If
Client IP Assignment
is set to
Network Assigned
, specify a value for
Access VLAN
to indicate
the VLAN carried by the port in the
Access
mode.
2. Click
Next
. The
Security
tab details are displayed.
3. Configure security settings for the wired profile. For more information, see
Configuring Security Settings for
.
In the CLI
To configure VLAN settings for a wired profile:
(Instant AP)(config)# wired-port-profile <name>
(Instant AP)(wired ap profile <name>)# switchport-mode {trunk|access}
(Instant AP)(wired ap profile <name>)# allowed-vlan <vlan>
(Instant AP)(wired ap profile <name>)# native-vlan {<guest|1…4095>}
(Instant AP)(wired ap profile <name>)# end
(Instant AP)# commit apply
To configure a new VLAN assignment rule:
(Instant AP)(config)# wired-port-profile <name>
(Instant AP)(wired ap profile <name>)# set-vlan <attribute>{equals|not-equals|starts-with|
ends-with|contains| matches-regular-expression} <operator> <VLAN-ID>|value-of}
(Instant AP)(wired ap profile <name>)# end
(Instant AP)# commit apply
Configuring Security Settings for a Wired Profile
If you are creating a new wired profile, complete the Wired Settings and VLAN procedures before specifying the
security settings. For more information, see
Configuring Wired Settings on page 108
and
Settings for a WLAN SSID Profile on page 87
.
Configuring Security Settings for a Wired Employee Network
You can configure security parameters for the Employee network by using the Instant UI or the CLI.
In the Instant UI
To configure security parameters for the Employee network:
1. Configure the following parameters in the
Security
tab.
l
Port type
—To support trusted ports in an IAP, select
Trusted
. When the Port type is trusted, MAC and
802.1X authentication parameters cannot be configured. The Port Type is
Untrusted
by default.
In a trusted mode, IAPs will not create any user entry. A predefined ACL is applied to the trusted port in
order to control the client traffic that needs to be source NATed.
l
MAC authentication
—To enable MAC authentication, select
Enabled
. The MAC authentication is
disabled by default.
l
802.1X authentication
—To enable 802.1X authentication, select
Enabled
. The 802.1X authentication
is disabled by default.
l
MAC authentication fail-thru
—To enable authentication fail-thru, select
Enabled
. When this feature
is enabled, 802.1X authentication is attempted when MAC authentication fails. The
MAC
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
Wired Profiles |
110