SlideShare a Scribd company logo

Aruba VIA 2.0.1 User Guide Linux Edition

Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company

Aruba VIA 2.0.1 User Guide Linux Edition

TechnologyTravel
1 of 30
Download to read offline
Aruba VIA 2.0.1 Linux Edition UserGuide
www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba VIA 2.0.1 Linux Edition | User Guide 0511449-01-v1 | August 2013 Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Open Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source Legal Notice The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors. Warranty This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.
Aruba VIA 2.0.1 Linux Edition | User Guide | 3 Contents About this Guide....................................................................................................................5 Intended Audience.................................................................................................5 Topics....................................................................................................................5 Conventions...........................................................................................................5 Contacting Support ...............................................................................................6 Chapter 1 VIA Overview ............................................................................................7 How it Works .........................................................................................................7 Supported Platforms .............................................................................................8 Chapter 2 VIA Installation .........................................................................................9 Installing VIA on Linux ...........................................................................................9 Pre-requisites..................................................................................................9 Procedure........................................................................................................9 Chapter 3 End User Instructions............................................................................11 Downloading VIA .................................................................................................11 Installing VIA ........................................................................................................11 Using VIA .............................................................................................................11 Connection Details Tab.................................................................................11 Diagnostic Tab ..............................................................................................12 Diagnostics Tools ...................................................................................12 Settings Tab..................................................................................................12 Uninstalling VIA....................................................................................................12 Appendix A Controller Configuration .......................................................................13 Before you Begin.................................................................................................13 Supported Authentication Mechanisms ..............................................................13 Configuring VIA Settings on Controller................................................................13 Using WebUI to Configure VIA......................................................................14 Enable VPN Server Module ....................................................................14 Create VIA User Roles ............................................................................14 Create VIA Authentication Profile ...........................................................14 Create VIA Connection Profile................................................................16 Configure VIA Web Authentication .........................................................19 Associate VIA Connection Profile to User Role......................................19 Create VIA Roles.....................................................................................20 Create VIA Authentication Profiles .........................................................20 Create VIA Connection Profiles ..............................................................20 Configure VIA Web Authentication .........................................................21 Associate VIA Connection Profile to User Role......................................21 Appendix B DNS Configuration.................................................................................23
4 | Aruba VIA 2.0.1 Linux Edition | User Guide
Aruba VIA 2.0.1 Linux Edition | User Guide About this Guide | 5 About this Guide This user guide describes the Aruba Virtual Intranet Access (VIA) behavior, provides detailed instructions for the end users on Windows platform. It also mentions the steps for setting up and configuring the VIA application on a controller. See the Virtual Private Networks chapter in the latest ArubaOS user guide for information on configuring VPN settings on your controller. Intended Audience This guide is intended for system administrators responsible for configuring and maintaining VIA controllers and for VIA users who will use the VIA connection manager to connect securely to their corporate network. Topics The following topics are covered in this document:  “VIA Overview” on page 9  “VIA Installation” on page 11  “End User Instructions” on page 13  “Troubleshooting” on page 17  “Controller Configuration” on page 19  “DNS Configuration” on page 29 Conventions The following conventions are used throughout this manual to emphasize important concepts: Table 1 Typographical Conventions Type Style Description Italics This style is used to emphasize important terms and to mark the titles of books. System items This fixed-width font depicts the following:  Sample screen output  System prompts  Filenames, software devices, and specific commands when mentioned in the text Commands In the command examples, this bold font depicts text that you must type exactly as shown.
6 | About this Guide Aruba VIA 2.0.1 Linux Edition | User Guide The following informational icon is used throughout this guide: Indicates helpful suggestions, pertinent information, and important things to remember. <Arguments> In the command examples, italicized text within angle brackets represents items that you should replace with information appropriate to your specific situation. For example: # send <text message> In this example, you would type “send” at the system prompt exactly as shown, followed by the text of the message you wish to send. Do not type the angle brackets. [Optional] Command examples enclosed in brackets are optional. Do not type the brackets. {Item A | Item B} In the command examples, items within curled braces and separated by a vertical bar represent the available choices. Enter only one choice. Do not type the braces or bars. Table 1 Typographical Conventions (Continued) Type Style Description
Main Site arubanetworks.com Support Site support.arubanetworks.com Airheads Social Forums and Knowledge Base community.arubanetworks.com North American Telephone 1-800-943-4526 (Toll Free) 1-408-754-1200 International Telephones arubanetworks.com/support-services/aruba-support-program/contact- support/ Software Licensing Site licensing.arubanetworks.com End of Support information www.arubanetworks.com/support-services/end-of-life-products/end-of- life-policy/ Wireless Security Incident Response Team (WSIRT) arubanetworks.com/support/wsirt.php Support Email Addresses Americas and APAC support@arubanetworks.com EMEA emea_support@arubanetworks.com WSIRT Email Please email details of any security problem found in an Aruba product. wsirt@arubanetworks.com Aruba VIA 2.0.1 Linux Edition | User Guide About this Guide | 7 Contacting Support
8 | About this Guide Aruba VIA 2.0.1 Linux Edition | User Guide
Aruba VIA 2.0.1 Linux Edition | User Guide VIA Overview | 9 Chapter 1 VIA Overview Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile users. VIA detects the user’s network environment (either trusted or un-trusted) and automatically connects the user to their enterprise network. Trusted networks typically refers to a protected office networks that allows users to directly access corporate intranet. Un-trusted networks are public Wi-Fi hotspots like airports, cafes, or home network. The VIA solution comes in two parts; VIA application and the controller configuration.  VIA application— Teleworkers and mobile users can easily install a light weight application on their Linux computers to connect to their enterprise network from remote locations. For mor information, see “VIA Installation” on page 11.  Controller configuration— To set up virtual intranet access for remote users, you must configure your controller with user roles, and authentication and connection profiles. You can use either the WebUI or CLI to configure your controller. For more information, see “Controller Configuration” on page 19. How it Works VIA provides a seamless connectivity experience to users when accessing an enterprise or corporate resource (example: workstation, server) from an un-trusted or trusted network connection. By default VIA will auto-launch at system start and establish a remote connection. The following table explains the typical behavior: VIA requires the PEFV license on the Mobility Controllers. The sequence of events described in Table 2 does not always happen in the order shown in the table. Table 2 VIA Connectivity Behavior User action/environment VIA’s behavior The client or user moves from a trusted to un-trusted environment. Example: From office to a public hot- spot. Establishes connection to remote network. The client moves from an un-trusted to a trusted environment. VIA does not establish remote connection. You can, however, manually connect to a network by selecting an appropriate connection profile from the Settings tab. While in an un-trusted environment, user disconnects the remote connection. Disconnects gracefully.
10 | VIA Overview Aruba VIA 2.0.1 Linux Edition | User Guide Supported Platforms Aruba VIA 2.0.1 is supported on the following platforms for both 32 and 64 bit Linux versions:  Red Hat® Enterprise Linux (RHEL) Desktop 6.0  CentOS Desktop 6.0  Ubuntu® 12.04 User moves to an un-trusted environment Stays idle and does not connect. This usually happens, if the user has in a previous occasion disconnected a secure connection by clicking the Disconnect button in VIA. Users can manually connect using one of the following methods: 1. Right click on the VIA icon in the system tray and select the Restore option and then select the Connect option to connect using the default connection profile. 2. Right click on the VIA icon in the system tray and select the Connect option. User clicks the Reconnect button. Establishes remote connection. In an un-trusted environment, user restarts the system. Establishes remote connection. In an un-trusted environment, user shuts down the system. Moves to a trusted environment and restarts system. VIA stays idle. Table 2 VIA Connectivity Behavior User action/environment VIA’s behavior
Aruba VIA 2.0.1 Linux Edition | User Guide VIA Installation | 11 Chapter 2 VIA Installation Virtual Intranet Access (VIA) package can be installed on various Linux platforms such as RHEL, Ubuntu, and CentOS. This chapter explains the steps to install VIA package on these platforms. For supported platform versions, see “Supported Platforms” on page 10. Installing VIA on Linux Pre-requisites  Make sure you un-install previously installed VIA versions before installing a VIA package. For information on the un-installation steps, see “Uninstalling VIA” on page 15.  Ensure the system is up-to- date.  Execute the following commands for Ubuntu: sudo apt-get update sudo apt-get upgrade  Execute the following command for RHEL and CentOS: yum update Procedure Perform the following steps to install VIA on a Linux platforms: 1. Download the installer file from the support site. For more information, see “Downloading VIA” on page 13. 2. Mark the file as executable before installing: a. Right-click on the installer file. b. Click Permissions tab. c. Check the option Allow executing file as program and click Close. You can also run the command chmod +x filename to mark the downloaded file as an executable file. 3. Double-click on the installer file. 4. Follow the instructions to complete the installation.
12 | VIA Installation Aruba VIA 2.0.1 Linux Edition | User Guide
Aruba VIA 2.0.1 Linux Edition | User Guide End User Instructions | 13 Chapter 3 End User Instructions This section of the document provides end user instructions and information on using the Virtual Intranet Access (VIA) application. Downloading VIA Download the installer setup file from the support site. Select the installer that is appropriate for your operating system and architecture. The installer setup file format is via-<version>.<osname><architecture>.<ext> and the supported file extensions are .deb and .rpm. For example, for RHEL and CentOS the setup file name can be via-2.0.0-53700.rhel6.i386.rpm. Installing VIA Double-click the downloaded set up file to start the installation process. Ensure you have un-installed previously installed VIA versions before installing a VIA package. For information on installation steps, see “VIA Installation” on page 11. Using VIA When VIA is launched for the first time after successful VIA installation, you will prompted to perform the following steps to connect to VIA: 1. Enter the remote server name, username, and password. If the VIA Web authentication list has more than one VIA authentication profile, the user can choose a VIA authentication profile from the available ones. After successful authentication, the VIA client downloads the appropriate VIA connection profile. Figure 1 Profile Download 2. Click Connect to establish the IPsec connection if the you are connected to an untrusted network.
14 | End User Instructions Aruba VIA 2.0.1 Linux Edition | User Guide Figure 2 Connection Status - Connecting After the successful connection, you will see the connection status as Established as shown in the following figure: Figure 3 Connection Status - Established The VIA desktop application has four tabs that provide various settings options and information about the connection status and diagnostics:  Connection Details  Diagnostics  Settings  VIA Cert Store Connection Details Tab This tab provides all required details about your remote connection. After a successful connection, you can see the assigned IP from your remote server, the profile used for the connection and other network related information.  Disconnect—Click this button to disconnect the current remote connection. You will have to manually connect for the next connection. VIA will not automatically start connection.  View Connection Log—Click this button to view the sequence of events that took place during the last or current connection. The log also provides information about upgrade requirement, missing pre- requisites, or other encountered errors.  Change Profile—Click this button to select an alternate connection profile. This button is enabled only if your administrator has configured more than one connection profile. This button toggles to Download Profile, if you clear your profile from the Settings tab.
Aruba VIA 2.0.1 Linux Edition | User Guide End User Instructions | 15 More Details This section gives information about your local connection.  Click Network Details to view local network connection information.  Click VIA Details to view error or other connection messages. Diagnostic Tab Provides information and tools for troubleshooting your connectivity issues. Select a diagnostic tool from this tab for more information. Diagnostics Tools  Send Logs—List of log files collected by VIA. You can send this to your technical support when required. Click Send Logs to send the log files archive using your default e-mail client.  Connectivity tests—Basic tests (ping and trace-route) to verify your network connection. Settings Tab This tab allows you to configure extra settings required to collect log, use a different connection profile and set up proxy server details. Connection Profile allows you to select and connect to a different connection profile. This is usually useful if you are in remote location and you need to connect to your corporate (secure) network. In such situation, you can select a profile that uses the nearest remote server to provide secure connection to your network. Alternate connection profiles are available only if it is configured by your IT administrator. VIA Cert Store Tab This tab allows you to import and use certificates on Linux platforms. Uninstalling VIA This section mentions the paths to uninstall VIA application on CentOS, RHEL, and Ubuntu platforms: RHEL and CentOS: 1. Navigate to System > Administration > Add/Remove software. 2. Uncheck VIA and click Clear. Ubuntu: 1. Navigate to Ubuntu Software Center. 2. Select the application and click Remove. You can also uninstall the VIA application using the CLI. Execute the command sudo apt-get purge via.
16 | End User Instructions Aruba VIA 2.0.1 Linux Edition | User Guide
Aruba VIA 2.0.1 Linux Edition | User Guide Troubleshooting | 17 Chapter 4 Troubleshooting This section of the document provides information to help you troubleshoot the problems you may encounter when installing, connecting, and using the VIA application. Table 3 VIA Troubleshooting Steps Action Issue Troubleshooting Steps Installation Unable to install 1. Ensure that you are using the supported Operating System. 2. Ensure the system is up to date by running the following commands. —RHELor CentOS: yum update —Ubuntu: sudo apt-get update and sudo apt-get upgrade Unable to locate VIA application for uninstallation in Ubuntu Run the following command to remove VIA in Ubuntu: sudo apt-get --purge remove via Profile Download Unable to download profile Ensure the profile can be downloaded using a browser going to https://<controller>/via and then remove any proxy settings if set in the browser. Connect VIA Unable to establish VPN connection 1. Ensure the VPN connection works fine with VIA for Windows Edition. 2. Check if the authentication method used to connect VIA is supported in VIA for Linux Edition. For more information, refer Supported VIA Features section in Aruba VIA 2.0.1 Linux Edition Release Notes. VIA does not connect automatically when a network interfaceis up Ensure the Linux Network Manager is in use. VIA does not start automatically on system start This could be because the VIA application is installed, by logging in as a different user. Certificate Storage Unable to import the certificate 1. Import the certificate into the VIA Certificate store and also import the corresponding CA certificate. 2. If the Enterprise has a CA server that can issue certificates for users, use Request User certificate option. Detect Network Events VIA unable to detect the network events Network manager may not be in use for managing network interfaces. How to check if an interface is being managed by network manager or not? Ensure that the file /etc/network/interfaces, should not have any references to the interfaces on which you attempt to connect the VIA application. Send Logs The system does not have a mail account configured. How do I send logs? Click Send Logs button in the GUI, this will create a file via_logs_<date>_<time>.tar.gz in the /tmp folder. Send this file using your webmail or using other options.
18 | Troubleshooting Aruba VIA 2.0.1 Linux Edition | User Guide
Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 19 Appendix A Controller Configuration This chapter describes the controller configurations required to set up user roles, and authentication and connection profiles for Virtual Intranet Access (VIA). Before you Begin  TCP 443—During the initializing phase, VIA uses HTTPS connections to perform trusted network and captive portal checks against the controller. It is mandatory that you enable port 443 on your network to allow VIA to perform these checks.  UDP 4500—Required for IPSec transport Supported Authentication Mechanisms Authentication is performed using IKEv1 and IKEV2. Phase 0 authentication, which authenticates the VPN client, can be performed using either a pre-shared key or an X.509 certificate (the X.509 certificate must appear in the operating system’s “user” certificate store.). If certificates are used for IKE phase 0 authentication, it must be followed by username and password authentication. The second authentication phase is performed using xAuth, which requires a username and password. The username and password is authenticated against the controller’s internal database, a RADIUS server, or an LDAP server. If a RADIUS server is used, it must support the PAP protoco or MSCHAPv2. Support for two-factor authentication such as token cards is provided. Token product like RSA tokens and other token cards are also supported. This includes support for new-pin and next-pin. IKEv2 is an updated version that is faster and supports a wider variety of authentication mechanisms. IKEv2 has only single phase authentication process. VIA supports the following IKEv2 authentication methods:  Username and password  X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a certificate that has not been revoked.  EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.  Certificates based authentication.  Smart cards that support a Smart Card Cryptographic Provider (SCCP) API within the operating system. VIA will look for an X.509 certificate in the operating system’s certificate store. A smart card supporting SCCP will cause the certificate embedded within the smart card to automatically appear in the operating system’s certificate store. Configuring VIA Settings on Controller The following steps are required to configure your controller for VIA. These steps are described in detail in the subsections that follow. 1. Enable VPN Server Module—ArubaOS allows you to connect to the VIA controller using the default user roles. However, to configure and assign specific user roles you must install the Policy Enforcement Firewall Virtual Private Network (PEFV) license.
20 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide 2. Create VIA User Roles—VIA user roles contain access control policies for users connecting to your network using VIA. You can configure different VIA roles or use the default VIA role—default-via- role 3. Create VIA Authentication Profile—A VIA authentication profile contains a server group for authenticating VIA users. The server group contains the list of authentication servers and server rules to derive user roles based on the user authentication. You can configure multiple VIA authentication profiles and/or use the default VIA authentication profile created with Internal server group. 4. Create VIA Connection Profile— A VIA connection profile contains settings required by VIA to establish a secure connection to the controller. You can configure multiple VIA connection profiles. A VIA connection profile is always associated to a user role and all users belonging to that role will use the configured settings. If you do not assign a VIA connection profile to a user role, the default connection profile is used. 5. Configure VIA Web Authentication—A VIA web authentication profile contains an ordered list of VIA authentication profiles. The web authentication profile is used by end users to login to the VIA download page (https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is available. If more than one VIA authentication profile is configured, users can view this list and select one during the client login. 6. Associate VIA Connection Profile to User Role—A VIA connection profile has to be associated to a user role. Users will login by authenticating against the server group specified in the VIA authentication profile and are put into that user role. The VIA configuration settings are derived from the VIA connection profile attached to that user role. The default VIA connection profile is used. Using WebUI to Configure VIA The following steps illustrate configuring your controller for VIA using the WebUI. Enable VPN Server Module You must install the PEFV license to configure and assign user roles. See the Software Licenses chapter in the latest ArubaOS 6.1 user guide for more information on licenses. To install a license: 1. Navigate to Configuration > Network > Controller and select the Licenses tab on the right hand side. 2. Paste the license key in the Add New License key text box and click the Add button. Create VIA User Roles To create VIA users roles: 1. Navigate to Configuration > Security > Access Control > User Roles. 2. Click Add to create new policies. Click Done after creating the user role and apply to save it to the configuration. Create VIA Authentication Profile This following steps illustrate the procedure to create an authentication profile to authenticate users against a server group. 1. Navigate to Configuration > Security > Authentication > L3 Authentication.
Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 21 2. Under the Profiles section, expand the VIA Authentication Profile option. You can configure the following parameters for the authentication profile: Table 4 VIA - Authentication Profile Parameters Parameter Description Default Role The role that will be assigned to the authenticated users. Max Authentication Failures Specifies the maximum authentication failures allowed. The default is 0 (zero). Description A user friendly name or description for the authentication profile. Check certificate common name against AAA server If you use client certificates for user authentication, enable this option to verify that the certificate's common name exists in the server. Authentication protocol PAP and MSCHAPv2 protocols are supported to authenticate VIA users. Default: PAP 3. To create a new authentication profile: a. Enter a name for the new authentication profile under the VIA Authentication Profiles section and click the Add button. b. Expand the VIA Authentication Profiles option and select the new profile name. 4. To modify an authentication profile, select the profile name to configure the default role The following screenshot uses the default authentication profile. Figure 4 VIA - Associate User Role to VIA Authentication Profile 5. To use a different server group, Click Server Group under VIA Authentication Profile and select New to create a new server group. Figure 5 VIA - Creating a new server group for VIA authentication profile 6. Enter a name for the server group.
22 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide Figure 6 VIA - Enter a name for the server group Create VIA Connection Profile To create VIA connection profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. Click the VIA Connection Profile option and enter a name for the connection profile. Figure 7 VIA - Create VIA Connection Profile 2. Click on the new VIA connection profile to configure the connection settings. You can configure the following options for a VIA connection profile. Table 5 VIA - Connection Profile Options Configuration Option Description VIA Servers Enter the following information about the VIA controller.  Hostname/IP Address: This is the public IP address or the DNS hostname of your VIA Server / controller. Users will connect to this remote server using the IP address or the hostname.  Internal IP Address: This is the IP address of any of the VLAN interface IP addresses belonging to this VIA server.  Description: This is a human-readable description of the VIA server. Click the Add button after you have entered all the details. If you have more than one VIA controller you re-order them by clicking the Up and Down arrows. To delete a VIA server from your list, select a server and click the Delete button. VIA Authentication Profiles to provision This is the list of VIA authentication profiles that will be displayed to users in the VIA client. See “Create VIA Authentication Profile” on page 20.  Select an authentication profile and click the Add button to add to the authentication profiles list.  You can change the order of the list by clicking the Up and Down arrows.  To delete an authentication profile, select a profile name and click the Delete button.
Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 23 VIA tunneled networks A list of network destination (IP address and netmask) that the VIA client will tunnel through the controller. All other network destinations will be reachable directly by the VIA client.  Enter an IP address and network mask. Click the Add button to add them to the tunneled networks list.  To delete a network entry, select the IP address and click the Delete button. VIA Client WLAN profiles A list of VIA client WLAN profiles that needs to be pushed to the client machines that use Windows Zero Config (WZC) to configure or manage their wireless networks.  Select a WLAN profile and click the Add button to add to the client WLAN profiles list.  To delete an entry, select the profile name and click the Delete button. See “Create VIA Roles” on page 26 for more information. VIA IKE V2 Policy List of available IKEv2 policies. VIA IKE Policy List of IKE policies that the VIA Client has to use to connect to the controller. These IKE policies are configured under Configuration > Advanced Services > VPN Services > IPSEC > IKE Policies. Use Credentials Enable or disable the use of the Windows credentials to login to VIA. If enabled, the SSO (Single Sign-on) feature can be utilized by remote users to connect to internal resources. Default: Enabled Enable IKEv2 Select this option to enable or disable the use of IKEv2 policies for VIA. IKEv2 Authentication method. List of all IKEv2 authentication methods. VIA IPSec V2 Crypto Map List of all IPSec V2 that the VIA client uses to connect to the controller. VIA IPSec Crypto Map List of IPSec Crypto Map that the VIA client uses to connect to the controller. These IPSec Crypto Maps are configured in CLI using the crypto-local ipsec-map <ipsec-map-name> command. VIA Client Network Mask The network mask that has to be set on the client after the VPN connection is established. Default: 255.255.255.255 VIA Client DNS Suffix List The DNS suffix list (comma separated) that has be set on the client once the VPN connection is established. Default: None. VIA Support E-mail Address The support e-mail address to which VIA users will send client logs. Default: None. VIA external download URL End users will use this URL to download VIA on their computers. Content Security Gateway URL If the split-tunnel is enabled, access to external (non-corporate) web sites will be verified by the specified content security service provider. See the Content Security Service chapter in the latest ArubaOS user guide for details about Aruba content security service. Enable Content Security Services Select this checkbox to enable content security service. You must install the Content Security Services licenses to use this option. See the Software Licenses chapter in the latest ArubaOS user guide for more information on licenses. Table 5 VIA - Connection Profile Options Configuration Option Description
24 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide Client Auto-Login Enable or disable VIA client to auto login and establish a secure connection to the controller. Default: Enabled Allow client to auto-upgrade Enable or disable VIA client to automatically upgrade when an updated version of the client is available on the controller. Default: Enabled Enable split-tunneling Enable or disable split tunneling.  If enabled, all traffic to the VIA tunneled networks (Step 3 in this table) will go through the controller and the rest is just bridged directly on the client.  If disabled, all traffic will flow through the controller. Default: off Allow client-side logging Enable or disable client side logging. If enabled, VIA client will collect logs that can be sent to the support email-address for troubleshooting. Default: Enabled Allow user to save passwords Enable or disable users to save passwords entered in VIA. Default: Enabled Lockdown All Settings If enabled, all user option on the VIA client are disabled. Enable Controllers Load Balance Enable this option to allow the VIA client to failover to the next available controller selected randomly from the list as configured in the VIA Servers option. If disabled, VIA will failover to the next controller in the sequence of ordered list of VIA Servers. Enable Domain Pre-Connect Enable this option to allow users with lost or expired passwords to establish a VIA connection to corporate network. This option authenticates the user’s device and establishes a VIA connection that allows users to reset credentials and continue with corporate access. Validate Server Certificate Enable or disable VIA from validating the server certificate presented by the controller. Default: Enabled VIA max session timeout The maximum time (minutes) allowed before the VIA session is disconnected. Default: 1440 min VIA Logon Script Specify the name of the logon script that must be executed after VIA establishes a secure connection. The logon script must reside in the client computer. VIA Logoff Script Specify the name of the log-off script that must be executed after the VIA connection is disconnected. The logoff script must reside in the client computer. Maximum reconnection attempts The maximum number of re-connection attempts by the VIA client due to authentication failures. Default: 3 Allow user to disconnect VIA Enable or disable users to disconnect their VIA sessions. Default: on Comma separated list of HTTP ports to be inspected (apart from default port 80) Traffic from the specified ports will be verified by the content security service provider. Table 5 VIA - Connection Profile Options Configuration Option Description
Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 25 Configure VIA Web Authentication To configure VIA web authentication profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. 2. Expand VIA Web Authentication and click on default profile. You can have only one profile (default) for VIA web authentication. 3. Select a profile from VIA Authentication Profile drop-down list box and click the Add button.  To re-order profiles, click the Up and Down button.  To delete a profile, select a profile and click the Delete button. 4. If a profile is not selected, the default VIA authentication profile is used. Figure 8 VIA - Select VIA Authentication Profile Associate VIA Connection Profile to User Role To associate a VIA connection profile to a user role: 1. Navigate to Configuration > Security > Access Control > User Roles tab. 2. Select the VIA user role (See “Create VIA User Roles” on page 20) and click the Edit button. 3. In the Edit Role page, navigate to VIA Connection Profile and select the connection profile from the drop-down list box and click the Change button. 4. Click the Apply button to save the changes to the configuration. Keep VIA window minimized Enable this option to minimize the VIA client to system tray during the connection phase. Applicable to VIA client installed in computers running Microsoft Windows operating system. Table 5 VIA - Connection Profile Options Configuration Option Description
26 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide Figure 9 VIA - Associate VIA Connection Profile to User Role Create VIA Roles (host) (config) #user-role example-via-role (host) (config-role) #access-list session "allowall" position 1 (host) (config-role) #ipv6 session-acl "v6-allowall" position 2 Create VIA Authentication Profiles (host) (config) #aaa server-group "via-server-group" (host) (Server Group "via-server-group") #auth-server "Internal" position 1 (host) (Server Group "via-server-group") #aaa authentication via auth-profile default (host) (VIA Authentication Profile "default") #default-role example-via-role (host) (VIA Authentication Profile "default") #auth-protocol mschapv2 (host) (VIA Authentication Profile "default") #desc "Default VIA Authentication Profile" (host) (VIA Authentication Profile "default") #server-group "via-server-group" Create VIA Connection Profiles (host) (config) #aaa authentication via connection-profile "via" (host) (VIA Connection Profile "via") #server addr 202.100.10.100 internal-ip 10.11.12.13 desc "VIA Primary Controller" position 0 host) (VIA Connection Profile "via" (host) (VIA Connection Profile "via") #auth-profile "default" position 0 (host) (VIA Connection Profile "via") #tunnel address 10.0.0.0 netmask 255.255.255.0 (host) (VIA Connection Profile "via") #split-tunneling (host) (VIA Connection Profile "via") #windows-credentials (host) (VIA Connection Profile "via") #client-netmask 255.0.0.0 (host) (VIA Connection Profile "via") #dns-suffix-list example.com (host) (VIA Connection Profile "via") #support-email via-support@example.com To enable content security services (CSS), do the following. CSS is available only if you have installed the content security services license. See the Software Licenses chapter in the latest ArubaOS user guide for more information on licenses.. (host) (VIA Connection Profile "via") #enable-csec
Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 27 (host) (VIA Connection Profile "via") #csec-gateway-url https://css.example.com (host) (VIA Connection Profile "via") #csec-http-ports 8080,4343 Enter the following command after you create the client WLAN profile. See “Create VIA Roles” on page 26 (host) (VIA Connection Profile "via") #client-wlan-profile "via_corporate_wpa2" position 0 Configure VIA Web Authentication (host) (config) #aaa authentication via web-auth default (host) (VIA Web Authentication "default") #auth-profile default position 0 You can have only one profile (default) for VIA web authentication. Associate VIA Connection Profile to User Role (host) (config) #user-role "example-via-role" (host) (config-role) #via "via"
28 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide
Aruba VIA 2.0.1 Linux Edition | User Guide DNS Configuration | 29 Appendix B DNS Configuration You must configure the appropriate corporate DNS servers, for use by Virtual Intranet Access (VIA) clients that connect to the controller. Perform the following steps to configure DNS on RHEL and CentOS: 1. Open NetworkManager configuration file in text editor (root permissions required): #sudo gedit /etc/NetworkManager/NetworkManager.conf add the following string: “.keyfile” to the section main:RHEL and CentOS [main] plugins=ifcfg-rh,keyfile 2. Save and exit from editor, restart NetworkManager (or just reboot): #sudo service NetworkManager restart 3. Configure SELinux to allow DNS setup for VIA VPN plug-in. # grep /usr/sbin/NetworkManager /var/log/audit/audit.log | audit2allow -D -M mypol2 # semodule -i mypol2.pp # grep iptables /var/log/audit/audit.log | audit2allow -M mypol3 # semodule -i mypol3.pp 4. To see the list of DNS servers, set check file /etc/resolv.conf and add new DNS #cat /etc/resolv.conf.
30 | DNS Configuration Aruba VIA 2.0.1 Linux Edition | User Guide

Recommended

Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3Aruba, a Hewlett Packard Enterprise company
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralAruba, a Hewlett Packard Enterprise company
 
Aruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
Aruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba, a Hewlett Packard Enterprise company
 
WLAN Design for Location
WLAN Design for LocationWLAN Design for Location
WLAN Design for LocationAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba, a Hewlett Packard Enterprise company
 

Recommended

Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3Aruba wireless and clear pass 6 integration guide v1.3
Aruba wireless and clear pass 6 integration guide v1.3Aruba, a Hewlett Packard Enterprise company
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralAruba, a Hewlett Packard Enterprise company
 
Aruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba OS 6.3 Command Line Interface Reference Guide
Aruba OS 6.3 Command Line Interface Reference GuideAruba, a Hewlett Packard Enterprise company
 
Aruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba MeshOS 4.7 User Guide
Aruba MeshOS 4.7 User GuideAruba, a Hewlett Packard Enterprise company
 
WLAN Design for Location
WLAN Design for LocationWLAN Design for Location
WLAN Design for LocationAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba, a Hewlett Packard Enterprise company
 
Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyAruba, a Hewlett Packard Enterprise company
 
Campus Redundancy Models
Campus Redundancy ModelsCampus Redundancy Models
Campus Redundancy ModelsAruba, a Hewlett Packard Enterprise company
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility ControllersAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMAruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsAruba, a Hewlett Packard Enterprise company
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingEMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingAruba, a Hewlett Packard Enterprise company
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAdvanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAruba, a Hewlett Packard Enterprise company
 
Aruba Netwrok(1).pptx
Aruba Netwrok(1).pptxAruba Netwrok(1).pptx
Aruba Netwrok(1).pptxEmanHashem6
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAruba, a Hewlett Packard Enterprise company
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassPaulo Eduardo Sibalde
 
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI NavigationEMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI NavigationAruba, a Hewlett Packard Enterprise company
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APAruba, a Hewlett Packard Enterprise company
 
Apple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestApple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestAruba, a Hewlett Packard Enterprise company
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Aruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass OverviewJoAnna Cheshire
 
Aruba VIA 2.0 (Mac) User Guide
Aruba VIA 2.0 (Mac) User GuideAruba VIA 2.0 (Mac) User Guide
Aruba VIA 2.0 (Mac) User GuideAruba, a Hewlett Packard Enterprise company
 
ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 

More Related Content

What's hot

Aruba Netwrok(1).pptx
Aruba Netwrok(1).pptxAruba Netwrok(1).pptx
Aruba Netwrok(1).pptxEmanHashem6
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Aruba, a Hewlett Packard Enterprise company
 

What's hot (20)

Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthy
 
Campus Redundancy Models
Campus Redundancy ModelsCampus Redundancy Models
Campus Redundancy Models
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirements
 
Bringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access PointBringing up Aruba Mobility Master, Managed Device & Access Point
Bringing up Aruba Mobility Master, Managed Device & Access Point
 
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshootingEMEA Airheads- ArubaOS - Rogue AP troubleshooting
EMEA Airheads- ArubaOS - Rogue AP troubleshooting
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAdvanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
 
Aruba Netwrok(1).pptx
Aruba Netwrok(1).pptxAruba Netwrok(1).pptx
Aruba Netwrok(1).pptx
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment Challenges
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Aruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPassAruba Networks - Overview ClearPass
Aruba Networks - Overview ClearPass
 
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI NavigationEMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
EMEA Airheads- Aruba 8.x Architecture overview & UI Navigation
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter lane
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
Apple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestApple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass Guest
 
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...Enhance network security with Multi-Factor Authentication for BYOD and guest ...
Enhance network security with Multi-Factor Authentication for BYOD and guest ...
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 

Viewers also liked

Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapJulia Ostrowski
 

Viewers also liked (20)

Aruba VIA 2.0 (Mac) User Guide
Aruba VIA 2.0 (Mac) User GuideAruba VIA 2.0 (Mac) User Guide
Aruba VIA 2.0 (Mac) User Guide
 
ClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User GuideClearPass Policy Manager 6.3 User Guide
ClearPass Policy Manager 6.3 User Guide
 
Aruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guideAruba instant 6.4.0.2 4.1 user guide
Aruba instant 6.4.0.2 4.1 user guide
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
 
Aruba Activate User Guide
Aruba Activate User GuideAruba Activate User Guide
Aruba Activate User Guide
 
Aruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference GuideAruba OS 7.3 Command Line Interface Reference Guide
Aruba OS 7.3 Command Line Interface Reference Guide
 
ClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release NotesClearPass 6.3.2 Release Notes
ClearPass 6.3.2 Release Notes
 
ArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start GuideArubaOS 6.3.x Quick Start Guide
ArubaOS 6.3.x Quick Start Guide
 
Aruba OS 6.3 User Guide
Aruba OS 6.3 User GuideAruba OS 6.3 User Guide
Aruba OS 6.3 User Guide
 
Airwave 7.7.9 Release Notes
Airwave 7.7.9 Release NotesAirwave 7.7.9 Release Notes
Airwave 7.7.9 Release Notes
 
Aruba OS 7.3 User Guide
Aruba OS 7.3 User GuideAruba OS 7.3 User Guide
Aruba OS 7.3 User Guide
 
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference GuideAruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
Aruba Instant 6.4.0.2-4.1 Command Line Interface Reference Guide
 
Aruba VIA 2.0 User Guide
Aruba VIA 2.0 User GuideAruba VIA 2.0 User Guide
Aruba VIA 2.0 User Guide
 
Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peap
 
Aruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference GuideAruba OS 6.4 Command Line Interface Reference Guide
Aruba OS 6.4 Command Line Interface Reference Guide
 
Aruba OS 6.4 User Guide
Aruba OS 6.4 User GuideAruba OS 6.4 User Guide
Aruba OS 6.4 User Guide
 
ClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release NotesClearPass 6.4.2 Release Notes
ClearPass 6.4.2 Release Notes
 
ClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release NotesClearPass 6.3.5 Release Notes
ClearPass 6.3.5 Release Notes
 
ClearPass 6.3.6 Release Notes
ClearPass 6.3.6 Release NotesClearPass 6.3.6 Release Notes
ClearPass 6.3.6 Release Notes
 
ClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User GuideClearPass Insight 6.3 User Guide
ClearPass Insight 6.3 User Guide
 

Similar to Aruba VIA 2.0.1 User Guide Linux Edition

Tera data install guide for linux
Tera data install guide for linuxTera data install guide for linux
Tera data install guide for linuxbajmi
 
inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1druva_slideshare
 
Barrister Enterprise Server Support
Barrister Enterprise Server SupportBarrister Enterprise Server Support
Barrister Enterprise Server Supportavicknair2
 
Sap r3 installation on windows oracle database
Sap r3 installation on windows oracle databaseSap r3 installation on windows oracle database
Sap r3 installation on windows oracle databasericardopabloasensio
 
Sap r3 installation on windows oracle database
Sap r3 installation on windows oracle databaseSap r3 installation on windows oracle database
Sap r3 installation on windows oracle databasericardopabloasensio
 
vxfs_admin_51sp1_hpux
vxfs_admin_51sp1_hpuxvxfs_admin_51sp1_hpux
vxfs_admin_51sp1_hpuxE. Balauca
 
CYB 360 Education Specialist |tutorialrank.com
CYB 360 Education Specialist |tutorialrank.comCYB 360 Education Specialist |tutorialrank.com
CYB 360 Education Specialist |tutorialrank.comladworkspaces
 
Cyb 360 academic adviser ....tutorialrank.com
Cyb 360 academic adviser ....tutorialrank.comCyb 360 academic adviser ....tutorialrank.com
Cyb 360 academic adviser ....tutorialrank.comladworkspaces
 
Zebra sap-smartforms-solution
Zebra sap-smartforms-solutionZebra sap-smartforms-solution
Zebra sap-smartforms-solutionmartin_josep
 
Upgrading blackboard academic_suite_to_blackboard_learn_release_9
Upgrading blackboard academic_suite_to_blackboard_learn_release_9Upgrading blackboard academic_suite_to_blackboard_learn_release_9
Upgrading blackboard academic_suite_to_blackboard_learn_release_9Selva G Kumar
 
Service desk release_enu
Service desk release_enuService desk release_enu
Service desk release_enugauravneo_007
 
Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2
Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2
Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2Fortes Sapiens
 
ESM5.6_SCG_Network.pdf
ESM5.6_SCG_Network.pdfESM5.6_SCG_Network.pdf
ESM5.6_SCG_Network.pdfProtect724v3
 

Similar to Aruba VIA 2.0.1 User Guide Linux Edition (20)

Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)Air group configuration howto with clearpass 6 v1.2(1)
Air group configuration howto with clearpass 6 v1.2(1)
 
Tera data install guide for linux
Tera data install guide for linuxTera data install guide for linux
Tera data install guide for linux
 
brother 2170
brother 2170brother 2170
brother 2170
 
inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1inSync Administrator's Guide Enterprise 5.1
inSync Administrator's Guide Enterprise 5.1
 
ISE-802.1X-MAB
ISE-802.1X-MABISE-802.1X-MAB
ISE-802.1X-MAB
 
Ecc ad ldap
Ecc ad ldapEcc ad ldap
Ecc ad ldap
 
Barrister Enterprise Server Support
Barrister Enterprise Server SupportBarrister Enterprise Server Support
Barrister Enterprise Server Support
 
Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2
 
Sap r3 installation on windows oracle database
Sap r3 installation on windows oracle databaseSap r3 installation on windows oracle database
Sap r3 installation on windows oracle database
 
Sap r3 installation on windows oracle database
Sap r3 installation on windows oracle databaseSap r3 installation on windows oracle database
Sap r3 installation on windows oracle database
 
vxfs_admin_51sp1_hpux
vxfs_admin_51sp1_hpuxvxfs_admin_51sp1_hpux
vxfs_admin_51sp1_hpux
 
Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3Aruba wireless and clear pass 6 integration guide v1 1.3
Aruba wireless and clear pass 6 integration guide v1 1.3
 
CYB 360 Education Specialist |tutorialrank.com
CYB 360 Education Specialist |tutorialrank.comCYB 360 Education Specialist |tutorialrank.com
CYB 360 Education Specialist |tutorialrank.com
 
Cyb 360 academic adviser ....tutorialrank.com
Cyb 360 academic adviser ....tutorialrank.comCyb 360 academic adviser ....tutorialrank.com
Cyb 360 academic adviser ....tutorialrank.com
 
Zebra sap-smartforms-solution
Zebra sap-smartforms-solutionZebra sap-smartforms-solution
Zebra sap-smartforms-solution
 
Upgrading blackboard academic_suite_to_blackboard_learn_release_9
Upgrading blackboard academic_suite_to_blackboard_learn_release_9Upgrading blackboard academic_suite_to_blackboard_learn_release_9
Upgrading blackboard academic_suite_to_blackboard_learn_release_9
 
Service desk release_enu
Service desk release_enuService desk release_enu
Service desk release_enu
 
Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2
Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2
Tn068 f -_freeradius_and_mysql_linux_configuration_v1.6.2
 
ESM5.6_SCG_Network.pdf
ESM5.6_SCG_Network.pdfESM5.6_SCG_Network.pdf
ESM5.6_SCG_Network.pdf
 
Full manual
Full manualFull manual
Full manual
 

More from Aruba, a Hewlett Packard Enterprise company

More from Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 
EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x
 
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) TroubleshootingEMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
EMEA Airheads - Aruba Remote Access Point (RAP) Troubleshooting
 
EMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgradeEMEA Airheads - Multi zone ap and centralized image upgrade
EMEA Airheads - Multi zone ap and centralized image upgrade
 
EMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.xEMEA Airheads How licensing works in Aruba OS 8.x
EMEA Airheads How licensing works in Aruba OS 8.x
 
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN TroubleshootingEMEA Airheads- Aruba Instant AP- VPN Troubleshooting
EMEA Airheads- Aruba Instant AP- VPN Troubleshooting
 

Recently uploaded

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

Aruba VIA 2.0.1 User Guide Linux Edition

  • 1. Aruba VIA 2.0.1 Linux Edition UserGuide
  • 2. www.arubanetworks.com 1344 Crossman Avenue Sunnyvale, California 94089 Phone: 408.227.4500 Fax 408.227.4550 Aruba VIA 2.0.1 Linux Edition | User Guide 0511449-01-v1 | August 2013 Copyright © 2013 Aruba Networks, Inc. Aruba Networks trademarks include , Aruba Networks®, Aruba Wireless Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®, Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, Green Island®. All rights reserved. All other trademarks are the property of their respective owners. Open Source Code Certain Aruba products include Open Source software code developed by third parties, including software code subject to the GNU General Public License (GPL), GNU Lesser General Public License (LGPL), or other Open Source Licenses. The Open Source code used can be found at this site: http://www.arubanetworks.com/open_source Legal Notice The use of Aruba Networks, Inc. switching platforms and software, by all individuals or corporations, to terminate other vendors’ VPN client devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of those vendors. Warranty This hardware product is protected by the standard Aruba warranty of one year parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT TERMS AND CONDITIONS. Altering this device (such as painting it) voids the warranty.
  • 3. Aruba VIA 2.0.1 Linux Edition | User Guide | 3 Contents About this Guide....................................................................................................................5 Intended Audience.................................................................................................5 Topics....................................................................................................................5 Conventions...........................................................................................................5 Contacting Support ...............................................................................................6 Chapter 1 VIA Overview ............................................................................................7 How it Works .........................................................................................................7 Supported Platforms .............................................................................................8 Chapter 2 VIA Installation .........................................................................................9 Installing VIA on Linux ...........................................................................................9 Pre-requisites..................................................................................................9 Procedure........................................................................................................9 Chapter 3 End User Instructions............................................................................11 Downloading VIA .................................................................................................11 Installing VIA ........................................................................................................11 Using VIA .............................................................................................................11 Connection Details Tab.................................................................................11 Diagnostic Tab ..............................................................................................12 Diagnostics Tools ...................................................................................12 Settings Tab..................................................................................................12 Uninstalling VIA....................................................................................................12 Appendix A Controller Configuration .......................................................................13 Before you Begin.................................................................................................13 Supported Authentication Mechanisms ..............................................................13 Configuring VIA Settings on Controller................................................................13 Using WebUI to Configure VIA......................................................................14 Enable VPN Server Module ....................................................................14 Create VIA User Roles ............................................................................14 Create VIA Authentication Profile ...........................................................14 Create VIA Connection Profile................................................................16 Configure VIA Web Authentication .........................................................19 Associate VIA Connection Profile to User Role......................................19 Create VIA Roles.....................................................................................20 Create VIA Authentication Profiles .........................................................20 Create VIA Connection Profiles ..............................................................20 Configure VIA Web Authentication .........................................................21 Associate VIA Connection Profile to User Role......................................21 Appendix B DNS Configuration.................................................................................23
  • 4. 4 | Aruba VIA 2.0.1 Linux Edition | User Guide
  • 5. Aruba VIA 2.0.1 Linux Edition | User Guide About this Guide | 5 About this Guide This user guide describes the Aruba Virtual Intranet Access (VIA) behavior, provides detailed instructions for the end users on Windows platform. It also mentions the steps for setting up and configuring the VIA application on a controller. See the Virtual Private Networks chapter in the latest ArubaOS user guide for information on configuring VPN settings on your controller. Intended Audience This guide is intended for system administrators responsible for configuring and maintaining VIA controllers and for VIA users who will use the VIA connection manager to connect securely to their corporate network. Topics The following topics are covered in this document:  “VIA Overview” on page 9  “VIA Installation” on page 11  “End User Instructions” on page 13  “Troubleshooting” on page 17  “Controller Configuration” on page 19  “DNS Configuration” on page 29 Conventions The following conventions are used throughout this manual to emphasize important concepts: Table 1 Typographical Conventions Type Style Description Italics This style is used to emphasize important terms and to mark the titles of books. System items This fixed-width font depicts the following:  Sample screen output  System prompts  Filenames, software devices, and specific commands when mentioned in the text Commands In the command examples, this bold font depicts text that you must type exactly as shown.
  • 6. 6 | About this Guide Aruba VIA 2.0.1 Linux Edition | User Guide The following informational icon is used throughout this guide: Indicates helpful suggestions, pertinent information, and important things to remember. <Arguments> In the command examples, italicized text within angle brackets represents items that you should replace with information appropriate to your specific situation. For example: # send <text message> In this example, you would type “send” at the system prompt exactly as shown, followed by the text of the message you wish to send. Do not type the angle brackets. [Optional] Command examples enclosed in brackets are optional. Do not type the brackets. {Item A | Item B} In the command examples, items within curled braces and separated by a vertical bar represent the available choices. Enter only one choice. Do not type the braces or bars. Table 1 Typographical Conventions (Continued) Type Style Description
  • 7. Main Site arubanetworks.com Support Site support.arubanetworks.com Airheads Social Forums and Knowledge Base community.arubanetworks.com North American Telephone 1-800-943-4526 (Toll Free) 1-408-754-1200 International Telephones arubanetworks.com/support-services/aruba-support-program/contact- support/ Software Licensing Site licensing.arubanetworks.com End of Support information www.arubanetworks.com/support-services/end-of-life-products/end-of- life-policy/ Wireless Security Incident Response Team (WSIRT) arubanetworks.com/support/wsirt.php Support Email Addresses Americas and APAC support@arubanetworks.com EMEA emea_support@arubanetworks.com WSIRT Email Please email details of any security problem found in an Aruba product. wsirt@arubanetworks.com Aruba VIA 2.0.1 Linux Edition | User Guide About this Guide | 7 Contacting Support
  • 8. 8 | About this Guide Aruba VIA 2.0.1 Linux Edition | User Guide
  • 9. Aruba VIA 2.0.1 Linux Edition | User Guide VIA Overview | 9 Chapter 1 VIA Overview Virtual Intranet Access (VIA) is part of the Aruba remote networks solution targeted for teleworkers and mobile users. VIA detects the user’s network environment (either trusted or un-trusted) and automatically connects the user to their enterprise network. Trusted networks typically refers to a protected office networks that allows users to directly access corporate intranet. Un-trusted networks are public Wi-Fi hotspots like airports, cafes, or home network. The VIA solution comes in two parts; VIA application and the controller configuration.  VIA application— Teleworkers and mobile users can easily install a light weight application on their Linux computers to connect to their enterprise network from remote locations. For mor information, see “VIA Installation” on page 11.  Controller configuration— To set up virtual intranet access for remote users, you must configure your controller with user roles, and authentication and connection profiles. You can use either the WebUI or CLI to configure your controller. For more information, see “Controller Configuration” on page 19. How it Works VIA provides a seamless connectivity experience to users when accessing an enterprise or corporate resource (example: workstation, server) from an un-trusted or trusted network connection. By default VIA will auto-launch at system start and establish a remote connection. The following table explains the typical behavior: VIA requires the PEFV license on the Mobility Controllers. The sequence of events described in Table 2 does not always happen in the order shown in the table. Table 2 VIA Connectivity Behavior User action/environment VIA’s behavior The client or user moves from a trusted to un-trusted environment. Example: From office to a public hot- spot. Establishes connection to remote network. The client moves from an un-trusted to a trusted environment. VIA does not establish remote connection. You can, however, manually connect to a network by selecting an appropriate connection profile from the Settings tab. While in an un-trusted environment, user disconnects the remote connection. Disconnects gracefully.
  • 10. 10 | VIA Overview Aruba VIA 2.0.1 Linux Edition | User Guide Supported Platforms Aruba VIA 2.0.1 is supported on the following platforms for both 32 and 64 bit Linux versions:  Red Hat® Enterprise Linux (RHEL) Desktop 6.0  CentOS Desktop 6.0  Ubuntu® 12.04 User moves to an un-trusted environment Stays idle and does not connect. This usually happens, if the user has in a previous occasion disconnected a secure connection by clicking the Disconnect button in VIA. Users can manually connect using one of the following methods: 1. Right click on the VIA icon in the system tray and select the Restore option and then select the Connect option to connect using the default connection profile. 2. Right click on the VIA icon in the system tray and select the Connect option. User clicks the Reconnect button. Establishes remote connection. In an un-trusted environment, user restarts the system. Establishes remote connection. In an un-trusted environment, user shuts down the system. Moves to a trusted environment and restarts system. VIA stays idle. Table 2 VIA Connectivity Behavior User action/environment VIA’s behavior
  • 11. Aruba VIA 2.0.1 Linux Edition | User Guide VIA Installation | 11 Chapter 2 VIA Installation Virtual Intranet Access (VIA) package can be installed on various Linux platforms such as RHEL, Ubuntu, and CentOS. This chapter explains the steps to install VIA package on these platforms. For supported platform versions, see “Supported Platforms” on page 10. Installing VIA on Linux Pre-requisites  Make sure you un-install previously installed VIA versions before installing a VIA package. For information on the un-installation steps, see “Uninstalling VIA” on page 15.  Ensure the system is up-to- date.  Execute the following commands for Ubuntu: sudo apt-get update sudo apt-get upgrade  Execute the following command for RHEL and CentOS: yum update Procedure Perform the following steps to install VIA on a Linux platforms: 1. Download the installer file from the support site. For more information, see “Downloading VIA” on page 13. 2. Mark the file as executable before installing: a. Right-click on the installer file. b. Click Permissions tab. c. Check the option Allow executing file as program and click Close. You can also run the command chmod +x filename to mark the downloaded file as an executable file. 3. Double-click on the installer file. 4. Follow the instructions to complete the installation.
  • 12. 12 | VIA Installation Aruba VIA 2.0.1 Linux Edition | User Guide
  • 13. Aruba VIA 2.0.1 Linux Edition | User Guide End User Instructions | 13 Chapter 3 End User Instructions This section of the document provides end user instructions and information on using the Virtual Intranet Access (VIA) application. Downloading VIA Download the installer setup file from the support site. Select the installer that is appropriate for your operating system and architecture. The installer setup file format is via-<version>.<osname><architecture>.<ext> and the supported file extensions are .deb and .rpm. For example, for RHEL and CentOS the setup file name can be via-2.0.0-53700.rhel6.i386.rpm. Installing VIA Double-click the downloaded set up file to start the installation process. Ensure you have un-installed previously installed VIA versions before installing a VIA package. For information on installation steps, see “VIA Installation” on page 11. Using VIA When VIA is launched for the first time after successful VIA installation, you will prompted to perform the following steps to connect to VIA: 1. Enter the remote server name, username, and password. If the VIA Web authentication list has more than one VIA authentication profile, the user can choose a VIA authentication profile from the available ones. After successful authentication, the VIA client downloads the appropriate VIA connection profile. Figure 1 Profile Download 2. Click Connect to establish the IPsec connection if the you are connected to an untrusted network.
  • 14. 14 | End User Instructions Aruba VIA 2.0.1 Linux Edition | User Guide Figure 2 Connection Status - Connecting After the successful connection, you will see the connection status as Established as shown in the following figure: Figure 3 Connection Status - Established The VIA desktop application has four tabs that provide various settings options and information about the connection status and diagnostics:  Connection Details  Diagnostics  Settings  VIA Cert Store Connection Details Tab This tab provides all required details about your remote connection. After a successful connection, you can see the assigned IP from your remote server, the profile used for the connection and other network related information.  Disconnect—Click this button to disconnect the current remote connection. You will have to manually connect for the next connection. VIA will not automatically start connection.  View Connection Log—Click this button to view the sequence of events that took place during the last or current connection. The log also provides information about upgrade requirement, missing pre- requisites, or other encountered errors.  Change Profile—Click this button to select an alternate connection profile. This button is enabled only if your administrator has configured more than one connection profile. This button toggles to Download Profile, if you clear your profile from the Settings tab.
  • 15. Aruba VIA 2.0.1 Linux Edition | User Guide End User Instructions | 15 More Details This section gives information about your local connection.  Click Network Details to view local network connection information.  Click VIA Details to view error or other connection messages. Diagnostic Tab Provides information and tools for troubleshooting your connectivity issues. Select a diagnostic tool from this tab for more information. Diagnostics Tools  Send Logs—List of log files collected by VIA. You can send this to your technical support when required. Click Send Logs to send the log files archive using your default e-mail client.  Connectivity tests—Basic tests (ping and trace-route) to verify your network connection. Settings Tab This tab allows you to configure extra settings required to collect log, use a different connection profile and set up proxy server details. Connection Profile allows you to select and connect to a different connection profile. This is usually useful if you are in remote location and you need to connect to your corporate (secure) network. In such situation, you can select a profile that uses the nearest remote server to provide secure connection to your network. Alternate connection profiles are available only if it is configured by your IT administrator. VIA Cert Store Tab This tab allows you to import and use certificates on Linux platforms. Uninstalling VIA This section mentions the paths to uninstall VIA application on CentOS, RHEL, and Ubuntu platforms: RHEL and CentOS: 1. Navigate to System > Administration > Add/Remove software. 2. Uncheck VIA and click Clear. Ubuntu: 1. Navigate to Ubuntu Software Center. 2. Select the application and click Remove. You can also uninstall the VIA application using the CLI. Execute the command sudo apt-get purge via.
  • 16. 16 | End User Instructions Aruba VIA 2.0.1 Linux Edition | User Guide
  • 17. Aruba VIA 2.0.1 Linux Edition | User Guide Troubleshooting | 17 Chapter 4 Troubleshooting This section of the document provides information to help you troubleshoot the problems you may encounter when installing, connecting, and using the VIA application. Table 3 VIA Troubleshooting Steps Action Issue Troubleshooting Steps Installation Unable to install 1. Ensure that you are using the supported Operating System. 2. Ensure the system is up to date by running the following commands. —RHELor CentOS: yum update —Ubuntu: sudo apt-get update and sudo apt-get upgrade Unable to locate VIA application for uninstallation in Ubuntu Run the following command to remove VIA in Ubuntu: sudo apt-get --purge remove via Profile Download Unable to download profile Ensure the profile can be downloaded using a browser going to https://<controller>/via and then remove any proxy settings if set in the browser. Connect VIA Unable to establish VPN connection 1. Ensure the VPN connection works fine with VIA for Windows Edition. 2. Check if the authentication method used to connect VIA is supported in VIA for Linux Edition. For more information, refer Supported VIA Features section in Aruba VIA 2.0.1 Linux Edition Release Notes. VIA does not connect automatically when a network interfaceis up Ensure the Linux Network Manager is in use. VIA does not start automatically on system start This could be because the VIA application is installed, by logging in as a different user. Certificate Storage Unable to import the certificate 1. Import the certificate into the VIA Certificate store and also import the corresponding CA certificate. 2. If the Enterprise has a CA server that can issue certificates for users, use Request User certificate option. Detect Network Events VIA unable to detect the network events Network manager may not be in use for managing network interfaces. How to check if an interface is being managed by network manager or not? Ensure that the file /etc/network/interfaces, should not have any references to the interfaces on which you attempt to connect the VIA application. Send Logs The system does not have a mail account configured. How do I send logs? Click Send Logs button in the GUI, this will create a file via_logs_<date>_<time>.tar.gz in the /tmp folder. Send this file using your webmail or using other options.
  • 18. 18 | Troubleshooting Aruba VIA 2.0.1 Linux Edition | User Guide
  • 19. Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 19 Appendix A Controller Configuration This chapter describes the controller configurations required to set up user roles, and authentication and connection profiles for Virtual Intranet Access (VIA). Before you Begin  TCP 443—During the initializing phase, VIA uses HTTPS connections to perform trusted network and captive portal checks against the controller. It is mandatory that you enable port 443 on your network to allow VIA to perform these checks.  UDP 4500—Required for IPSec transport Supported Authentication Mechanisms Authentication is performed using IKEv1 and IKEV2. Phase 0 authentication, which authenticates the VPN client, can be performed using either a pre-shared key or an X.509 certificate (the X.509 certificate must appear in the operating system’s “user” certificate store.). If certificates are used for IKE phase 0 authentication, it must be followed by username and password authentication. The second authentication phase is performed using xAuth, which requires a username and password. The username and password is authenticated against the controller’s internal database, a RADIUS server, or an LDAP server. If a RADIUS server is used, it must support the PAP protoco or MSCHAPv2. Support for two-factor authentication such as token cards is provided. Token product like RSA tokens and other token cards are also supported. This includes support for new-pin and next-pin. IKEv2 is an updated version that is faster and supports a wider variety of authentication mechanisms. IKEv2 has only single phase authentication process. VIA supports the following IKEv2 authentication methods:  Username and password  X.509 certificate. Controllers running ArubaOS 6.1 or greater support OCSP for the purpose of validating a certificate that has not been revoked.  EAP (Extensible Authentication Protocol) including EAP-TLS and EAP-MSCHAPv2.  Certificates based authentication.  Smart cards that support a Smart Card Cryptographic Provider (SCCP) API within the operating system. VIA will look for an X.509 certificate in the operating system’s certificate store. A smart card supporting SCCP will cause the certificate embedded within the smart card to automatically appear in the operating system’s certificate store. Configuring VIA Settings on Controller The following steps are required to configure your controller for VIA. These steps are described in detail in the subsections that follow. 1. Enable VPN Server Module—ArubaOS allows you to connect to the VIA controller using the default user roles. However, to configure and assign specific user roles you must install the Policy Enforcement Firewall Virtual Private Network (PEFV) license.
  • 20. 20 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide 2. Create VIA User Roles—VIA user roles contain access control policies for users connecting to your network using VIA. You can configure different VIA roles or use the default VIA role—default-via- role 3. Create VIA Authentication Profile—A VIA authentication profile contains a server group for authenticating VIA users. The server group contains the list of authentication servers and server rules to derive user roles based on the user authentication. You can configure multiple VIA authentication profiles and/or use the default VIA authentication profile created with Internal server group. 4. Create VIA Connection Profile— A VIA connection profile contains settings required by VIA to establish a secure connection to the controller. You can configure multiple VIA connection profiles. A VIA connection profile is always associated to a user role and all users belonging to that role will use the configured settings. If you do not assign a VIA connection profile to a user role, the default connection profile is used. 5. Configure VIA Web Authentication—A VIA web authentication profile contains an ordered list of VIA authentication profiles. The web authentication profile is used by end users to login to the VIA download page (https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is available. If more than one VIA authentication profile is configured, users can view this list and select one during the client login. 6. Associate VIA Connection Profile to User Role—A VIA connection profile has to be associated to a user role. Users will login by authenticating against the server group specified in the VIA authentication profile and are put into that user role. The VIA configuration settings are derived from the VIA connection profile attached to that user role. The default VIA connection profile is used. Using WebUI to Configure VIA The following steps illustrate configuring your controller for VIA using the WebUI. Enable VPN Server Module You must install the PEFV license to configure and assign user roles. See the Software Licenses chapter in the latest ArubaOS 6.1 user guide for more information on licenses. To install a license: 1. Navigate to Configuration > Network > Controller and select the Licenses tab on the right hand side. 2. Paste the license key in the Add New License key text box and click the Add button. Create VIA User Roles To create VIA users roles: 1. Navigate to Configuration > Security > Access Control > User Roles. 2. Click Add to create new policies. Click Done after creating the user role and apply to save it to the configuration. Create VIA Authentication Profile This following steps illustrate the procedure to create an authentication profile to authenticate users against a server group. 1. Navigate to Configuration > Security > Authentication > L3 Authentication.
  • 21. Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 21 2. Under the Profiles section, expand the VIA Authentication Profile option. You can configure the following parameters for the authentication profile: Table 4 VIA - Authentication Profile Parameters Parameter Description Default Role The role that will be assigned to the authenticated users. Max Authentication Failures Specifies the maximum authentication failures allowed. The default is 0 (zero). Description A user friendly name or description for the authentication profile. Check certificate common name against AAA server If you use client certificates for user authentication, enable this option to verify that the certificate's common name exists in the server. Authentication protocol PAP and MSCHAPv2 protocols are supported to authenticate VIA users. Default: PAP 3. To create a new authentication profile: a. Enter a name for the new authentication profile under the VIA Authentication Profiles section and click the Add button. b. Expand the VIA Authentication Profiles option and select the new profile name. 4. To modify an authentication profile, select the profile name to configure the default role The following screenshot uses the default authentication profile. Figure 4 VIA - Associate User Role to VIA Authentication Profile 5. To use a different server group, Click Server Group under VIA Authentication Profile and select New to create a new server group. Figure 5 VIA - Creating a new server group for VIA authentication profile 6. Enter a name for the server group.
  • 22. 22 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide Figure 6 VIA - Enter a name for the server group Create VIA Connection Profile To create VIA connection profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. Click the VIA Connection Profile option and enter a name for the connection profile. Figure 7 VIA - Create VIA Connection Profile 2. Click on the new VIA connection profile to configure the connection settings. You can configure the following options for a VIA connection profile. Table 5 VIA - Connection Profile Options Configuration Option Description VIA Servers Enter the following information about the VIA controller.  Hostname/IP Address: This is the public IP address or the DNS hostname of your VIA Server / controller. Users will connect to this remote server using the IP address or the hostname.  Internal IP Address: This is the IP address of any of the VLAN interface IP addresses belonging to this VIA server.  Description: This is a human-readable description of the VIA server. Click the Add button after you have entered all the details. If you have more than one VIA controller you re-order them by clicking the Up and Down arrows. To delete a VIA server from your list, select a server and click the Delete button. VIA Authentication Profiles to provision This is the list of VIA authentication profiles that will be displayed to users in the VIA client. See “Create VIA Authentication Profile” on page 20.  Select an authentication profile and click the Add button to add to the authentication profiles list.  You can change the order of the list by clicking the Up and Down arrows.  To delete an authentication profile, select a profile name and click the Delete button.
  • 23. Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 23 VIA tunneled networks A list of network destination (IP address and netmask) that the VIA client will tunnel through the controller. All other network destinations will be reachable directly by the VIA client.  Enter an IP address and network mask. Click the Add button to add them to the tunneled networks list.  To delete a network entry, select the IP address and click the Delete button. VIA Client WLAN profiles A list of VIA client WLAN profiles that needs to be pushed to the client machines that use Windows Zero Config (WZC) to configure or manage their wireless networks.  Select a WLAN profile and click the Add button to add to the client WLAN profiles list.  To delete an entry, select the profile name and click the Delete button. See “Create VIA Roles” on page 26 for more information. VIA IKE V2 Policy List of available IKEv2 policies. VIA IKE Policy List of IKE policies that the VIA Client has to use to connect to the controller. These IKE policies are configured under Configuration > Advanced Services > VPN Services > IPSEC > IKE Policies. Use Credentials Enable or disable the use of the Windows credentials to login to VIA. If enabled, the SSO (Single Sign-on) feature can be utilized by remote users to connect to internal resources. Default: Enabled Enable IKEv2 Select this option to enable or disable the use of IKEv2 policies for VIA. IKEv2 Authentication method. List of all IKEv2 authentication methods. VIA IPSec V2 Crypto Map List of all IPSec V2 that the VIA client uses to connect to the controller. VIA IPSec Crypto Map List of IPSec Crypto Map that the VIA client uses to connect to the controller. These IPSec Crypto Maps are configured in CLI using the crypto-local ipsec-map <ipsec-map-name> command. VIA Client Network Mask The network mask that has to be set on the client after the VPN connection is established. Default: 255.255.255.255 VIA Client DNS Suffix List The DNS suffix list (comma separated) that has be set on the client once the VPN connection is established. Default: None. VIA Support E-mail Address The support e-mail address to which VIA users will send client logs. Default: None. VIA external download URL End users will use this URL to download VIA on their computers. Content Security Gateway URL If the split-tunnel is enabled, access to external (non-corporate) web sites will be verified by the specified content security service provider. See the Content Security Service chapter in the latest ArubaOS user guide for details about Aruba content security service. Enable Content Security Services Select this checkbox to enable content security service. You must install the Content Security Services licenses to use this option. See the Software Licenses chapter in the latest ArubaOS user guide for more information on licenses. Table 5 VIA - Connection Profile Options Configuration Option Description
  • 24. 24 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide Client Auto-Login Enable or disable VIA client to auto login and establish a secure connection to the controller. Default: Enabled Allow client to auto-upgrade Enable or disable VIA client to automatically upgrade when an updated version of the client is available on the controller. Default: Enabled Enable split-tunneling Enable or disable split tunneling.  If enabled, all traffic to the VIA tunneled networks (Step 3 in this table) will go through the controller and the rest is just bridged directly on the client.  If disabled, all traffic will flow through the controller. Default: off Allow client-side logging Enable or disable client side logging. If enabled, VIA client will collect logs that can be sent to the support email-address for troubleshooting. Default: Enabled Allow user to save passwords Enable or disable users to save passwords entered in VIA. Default: Enabled Lockdown All Settings If enabled, all user option on the VIA client are disabled. Enable Controllers Load Balance Enable this option to allow the VIA client to failover to the next available controller selected randomly from the list as configured in the VIA Servers option. If disabled, VIA will failover to the next controller in the sequence of ordered list of VIA Servers. Enable Domain Pre-Connect Enable this option to allow users with lost or expired passwords to establish a VIA connection to corporate network. This option authenticates the user’s device and establishes a VIA connection that allows users to reset credentials and continue with corporate access. Validate Server Certificate Enable or disable VIA from validating the server certificate presented by the controller. Default: Enabled VIA max session timeout The maximum time (minutes) allowed before the VIA session is disconnected. Default: 1440 min VIA Logon Script Specify the name of the logon script that must be executed after VIA establishes a secure connection. The logon script must reside in the client computer. VIA Logoff Script Specify the name of the log-off script that must be executed after the VIA connection is disconnected. The logoff script must reside in the client computer. Maximum reconnection attempts The maximum number of re-connection attempts by the VIA client due to authentication failures. Default: 3 Allow user to disconnect VIA Enable or disable users to disconnect their VIA sessions. Default: on Comma separated list of HTTP ports to be inspected (apart from default port 80) Traffic from the specified ports will be verified by the content security service provider. Table 5 VIA - Connection Profile Options Configuration Option Description
  • 25. Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 25 Configure VIA Web Authentication To configure VIA web authentication profile: 1. Navigate to Configuration > Security > Authentication > L3 Authentication tab. 2. Expand VIA Web Authentication and click on default profile. You can have only one profile (default) for VIA web authentication. 3. Select a profile from VIA Authentication Profile drop-down list box and click the Add button.  To re-order profiles, click the Up and Down button.  To delete a profile, select a profile and click the Delete button. 4. If a profile is not selected, the default VIA authentication profile is used. Figure 8 VIA - Select VIA Authentication Profile Associate VIA Connection Profile to User Role To associate a VIA connection profile to a user role: 1. Navigate to Configuration > Security > Access Control > User Roles tab. 2. Select the VIA user role (See “Create VIA User Roles” on page 20) and click the Edit button. 3. In the Edit Role page, navigate to VIA Connection Profile and select the connection profile from the drop-down list box and click the Change button. 4. Click the Apply button to save the changes to the configuration. Keep VIA window minimized Enable this option to minimize the VIA client to system tray during the connection phase. Applicable to VIA client installed in computers running Microsoft Windows operating system. Table 5 VIA - Connection Profile Options Configuration Option Description
  • 26. 26 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide Figure 9 VIA - Associate VIA Connection Profile to User Role Create VIA Roles (host) (config) #user-role example-via-role (host) (config-role) #access-list session "allowall" position 1 (host) (config-role) #ipv6 session-acl "v6-allowall" position 2 Create VIA Authentication Profiles (host) (config) #aaa server-group "via-server-group" (host) (Server Group "via-server-group") #auth-server "Internal" position 1 (host) (Server Group "via-server-group") #aaa authentication via auth-profile default (host) (VIA Authentication Profile "default") #default-role example-via-role (host) (VIA Authentication Profile "default") #auth-protocol mschapv2 (host) (VIA Authentication Profile "default") #desc "Default VIA Authentication Profile" (host) (VIA Authentication Profile "default") #server-group "via-server-group" Create VIA Connection Profiles (host) (config) #aaa authentication via connection-profile "via" (host) (VIA Connection Profile "via") #server addr 202.100.10.100 internal-ip 10.11.12.13 desc "VIA Primary Controller" position 0 host) (VIA Connection Profile "via" (host) (VIA Connection Profile "via") #auth-profile "default" position 0 (host) (VIA Connection Profile "via") #tunnel address 10.0.0.0 netmask 255.255.255.0 (host) (VIA Connection Profile "via") #split-tunneling (host) (VIA Connection Profile "via") #windows-credentials (host) (VIA Connection Profile "via") #client-netmask 255.0.0.0 (host) (VIA Connection Profile "via") #dns-suffix-list example.com (host) (VIA Connection Profile "via") #support-email via-support@example.com To enable content security services (CSS), do the following. CSS is available only if you have installed the content security services license. See the Software Licenses chapter in the latest ArubaOS user guide for more information on licenses.. (host) (VIA Connection Profile "via") #enable-csec
  • 27. Aruba VIA 2.0.1 Linux Edition | User Guide Controller Configuration | 27 (host) (VIA Connection Profile "via") #csec-gateway-url https://css.example.com (host) (VIA Connection Profile "via") #csec-http-ports 8080,4343 Enter the following command after you create the client WLAN profile. See “Create VIA Roles” on page 26 (host) (VIA Connection Profile "via") #client-wlan-profile "via_corporate_wpa2" position 0 Configure VIA Web Authentication (host) (config) #aaa authentication via web-auth default (host) (VIA Web Authentication "default") #auth-profile default position 0 You can have only one profile (default) for VIA web authentication. Associate VIA Connection Profile to User Role (host) (config) #user-role "example-via-role" (host) (config-role) #via "via"
  • 28. 28 | Controller Configuration Aruba VIA 2.0.1 Linux Edition | User Guide
  • 29. Aruba VIA 2.0.1 Linux Edition | User Guide DNS Configuration | 29 Appendix B DNS Configuration You must configure the appropriate corporate DNS servers, for use by Virtual Intranet Access (VIA) clients that connect to the controller. Perform the following steps to configure DNS on RHEL and CentOS: 1. Open NetworkManager configuration file in text editor (root permissions required): #sudo gedit /etc/NetworkManager/NetworkManager.conf add the following string: “.keyfile” to the section main:RHEL and CentOS [main] plugins=ifcfg-rh,keyfile 2. Save and exit from editor, restart NetworkManager (or just reboot): #sudo service NetworkManager restart 3. Configure SELinux to allow DNS setup for VIA VPN plug-in. # grep /usr/sbin/NetworkManager /var/log/audit/audit.log | audit2allow -D -M mypol2 # semodule -i mypol2.pp # grep iptables /var/log/audit/audit.log | audit2allow -M mypol3 # semodule -i mypol3.pp 4. To see the list of DNS servers, set check file /etc/resolv.conf and add new DNS #cat /etc/resolv.conf.
  • 30. 30 | DNS Configuration Aruba VIA 2.0.1 Linux Edition | User Guide