170
| Authentication and User Management
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
c. Under PEAP user, enter the username, password, and retype the password for confirmation. The IAP
username and password are stored in IAP flash. When the IAP boots, the
/tmp/ap1xuser
and
/tmp/ap1xpassword
files are created based on these two variables.
The default inner authentication protocol for PEAP is MS-CHAPV2.
2. To upload server certificates for validating the authentication server credentials, complete the following
steps:
a. Click
Upload New Certificate
.
b. Specify the URL from where you want to upload the certificates and select the type of certificate.
3. Click
OK
.
4. To configure 802.1X authentication on uplink ports of an IAP, complete the following steps:
a. Go to
System > Show advanced options > Uplink
.
b. Click AP1X.
c. Select PEAP or TLS as the authentication type.
d. If you want to validate the server credentials using server certificate, select the
Validate Server
check
box. Ensure that the server certificates for validating server credentials are uploaded to IAP database.
e. Click
OK
.
5. Reboot the IAP.
In the CLI
To set username and password variable used by the PEAP protocol-based 802.1X authentication:
(Instant AP)# ap1x-peap-user <ap1xuser> <password>
To set the PEAP 802.1X authentication type:
(Instant AP)(config)# ap1x peap [validate-server]
(Instant AP)(config)# end
(Instant AP)# commit apply
To set TLS 802.1X authentication type:
(Instant AP)(config)# ap1x tls <tpm|user> [validate-server]
(Instant AP)(config)# end
(Instant AP)# commit apply
To upload user or CA certificates for PEAP or TLS authentication:
(Instant AP)# copy tftp <addr> <file> ap1x {ca|cert <password>} format pem
To download user or server certificates from a TFTP, FTP, or web server:
(Instant AP)# download ap1x <url> format pem [psk <psk>]
(Instant AP)# download ap1xca <url> format pem
To view the certificate details:
(Instant AP)# show ap1xcert
To verify the configuration, use any of the following commands:
(Instant AP)# show ap1x config
(Instant AP)# show ap1x debug-logs
(Instant AP)# show ap1x status
Configuring MAC Authentication for a Network Profile
MAC authentication can be used alone or it can be combined with other forms of authentication such as WEP
authentication. However, it is recommended that you do not use the MAC-based authentication.