162
| Authentication and User Management
Aruba Instant 6.5.0.0-4.3.0.0 | User Guide
(Instant AP)(Auth Server "name")# end
(Instant AP)(Auth Server "name")# commit apply
Associate the Server Profile with a Network Profile
You can associate the server profile with a network profile using the Instant UI or the CLI.
In the Instant UI
To associate an authentication server in the Instant UI:
1. Access the WLAN wizard or the Wired Settings window.
l
To open the WLAN wizard, select an existing SSID on the
Network
tab, and click
edit
.
l
To open the wired settings window, click
More > Wired
. In the
Wired
window, select a profile and click
Edit
.
You can also associate the authentication servers when creating a new WLAN or wired profile.
2. Click the
Security
tab and select a splash page profile.
3. Select an authentication type.
4. From the
Authentication Server 1
drop-down list, select the server name on which RadSec is enabled.
5. Click
Next
and then click
Finish
.
In the CLI
To associate an authentication server to a WLAN SSID:
(Instant AP)(config)# wlan ssid-profile <name>
(Instant AP)(SSID Profile <name>)# auth-server <server-name>
(Instant AP)(SSID Profile <name>)# end
((Instant AP)# commit apply
To associate an authentication server to a wired profile:
(Instant AP)(config)# wired-port-profile <name>
(Instant AP)(wired ap profile <name>)# auth-server <name>
(Instant AP)(wired ap profile <name>)# end
(Instant AP)# commit apply
Configuring Dynamic RADIUS Proxy Parameters
The RADIUS server can be deployed at different locations and VLANs. In most cases, a centralized RADIUS or
local server is used to authenticate users. However, some user networks can use a local RADIUS server for
employee authentication and a centralized RADIUS-based captive portal server for guest authentication. To
ensure that the RADIUS traffic is routed to the required RADIUS server, the dynamic RADIUS proxy feature
must be enabled.
The dynamic RADIUS proxy parameters configuration is not required if RadSec is enabled in the
RADIUS server profile.
If the IAP clients need to authenticate to the RADIUS servers through a different IP address and VLAN, ensure
that the following steps are completed:
1.
.
2.
Configure dynamic RADIUS proxy IP, VLAN, netmask, and gateway for each authentication server
3.
Associate the authentication servers to SSID or a wired profile to which the clients connect
After completing the configuration steps mentioned above, you can authenticate the SSID users against the
configured dynamic RADIUS proxy parameters.