Creating an 802.1X WLAN Release 6.1.2.x – Aruba Controller
December 2011
Contents
Create and configure a Firewall Policy
Create a User Role
Adding the Radius Authentication Server
Create a Server Group - add the Radius Server
Create and add an 802.1x Authentication Profile
Create the AAA Profile
Creating the SSID Profile
Create the Virtual AP Profile
Create and add the AP System Profile
Create the new AP Group
Checking your work
Create and configure a Firewall Policy
Presented are the steps to create a typical firewall policy. The policy prevents Users connected to the wireless network
from providing DHCP addresses, yet allows network Users to request DHCP from the network.
NOTE – you cannot create Firewall Policies WITHOUT the proper License (PEF-NG for Release 5.0 and beyond)
Go to menu “Configuration” > “Security” > “Access Control” – “Policies” > and select “Add”
Enter a name for the new policy; in this example it is “myemployee-pol”.
Select “Add” to begin adding firewall rules to the ‘myemployee-pol’ policy
Using the pull down menus for each category set your policies as desired
When all fields are set correctly, use the ADD button in the lower right corner of this rule to save the rule to the
“myemployee-pol” policy. Remember to apply the correct “Action” – in Release 6 the default is “drop”.
Continue configuring and adding rules to meet the needs of the corporate security policies.
When you have finished adding all your rules, select “Apply”.
When completed the new policy should appear similar to the below. This is a simple firewall policy.
Don’t forget to “Save Configuration”.
Create a User Role
Go to “Configuration” > “Security” > “Access Control” and select the tab “User Roles” as shown below.
Then click on “ADD”
Enter the new Role Name, in this example “myemployee-role”
Under “Firewall Policies” select ADD and with the radio button checked to “Choose from configured policies” use the
pull down menu to find, highlight and select the “myemployee-pol” policy created in the previous step.
When completed scroll down the page and select “APPLY”
Select “Done” when the firewall policy has been added and then at the bottom of the page select “Apply”
When completed the new User Role with the firewall policy should appear as:
Adding the Radius Authentication Server
Presented are the steps necessary to configure a Radius server the Aruba controller will use to authenticate Users
connecting to the WLAN. This is an existing Radius server within your network.
Go to menu “Configuration” > “Security” > “Authentication”
Click on the “RADIUS Server” to expand the group window in the right window.
Add your new Radius server name “myemployee-rad” and click ADD
Select and check “APPLY” at the bottom of the right window to save the changes.
Radius Authentication Server Added
Now click on the new Radius “myemployee-rad” to expand and configure the Radius server details
Enter the details of your Radius Server in the controller
Host = IP address of your Radius Server (example 172.16.0.252)
NAS ID = Name of the Network Access Server, in this example the Aruba Controller name (Aruba3200)
NAS IP = IP Address of the Aruba Controller (172.16.0.3)
Key = the secret Key passed from Controller to Radius to allow the controller to authenticate Users Names/Passwords
Click “APPLY” at the bottom of the page to save the changes.
Ensure that your Radius server has the Aruba Controller configured per the above and the controller is recognized as a
NAS server within your Radius.
Below we are using the controllers “Diagnostics” > “AAA Test Server” function to test Radius authentication between the
controller and the Radius server using an existing Radius account (user name and password).
Note – if the MSCHAPv2 test fails, attempt testing with “PAP” checked.
Click “APPLY” at the bottom of the page and “Save Configuration”
Create a Server Group - add the Radius Server
The new Radius server will now be added to a Server Group
While in the “Configuration” > “Security” > “Authentication” menu select the “Servers” tab
Enter the name of the Server Group and select “ADD”
When completed click on the new Server Group created
Using the pull down menu select the Radius server created in the previous step
Click “Add Server”
Click “Apply” at the bottom of the page
Adding Radius server to the Server Group is completed.
Create and add an 802.1x Authentication Profile
Presented are the steps necessary to define and configure an 802.1X Authentication Profile within the Controller.
While in the “Configuration” > “Security” > “Authentication” menu select the “L2 Authentication” tab
And select and expand the “802.1X Authentication Profile”
Enter the name of the new 802.1X profile (example myemployee-1x) and click ADD
Now in the left column click on and expand the newly created Profile
Select the following (typical settings for connection of Windows networks / servers with Radius front ends):
Termination = check ON, the controller will terminate the EAP tunnel from the client
Termination EAP-Type = eap-peap
Termination Inner EAP-Type = eap-mschapv2
“Apply” and “Save Configuration”
Create the AAA Profile
While in the “Configuration” > “Security” > “Authentication” menu select the “AAA Profiles” tab.
Select “ADD” and then enter the new AAA Profile name and select “Add” again (in this example “myemployee-aaa”).
When completed – still in the AAA Profiles – click to expand the new AAA Profile (myemployee-aaa) that was just created.
Using the pull down menu set the 802.1X Authentication Default Role to “myemployee-role”
Click “Apply” at the bottom right of the panel when done
With the “myemployee-aaa” still open / expanded scroll down and click on the “802.1X Authentication Profile” in the
left column
Using the pull down select and set the 802.1X Authentication Profile to “myemployee-1x”
When completed select “APPLY” at the bottom of the page.
With the “myemployee-aaa” still open / expanded scroll down and click on the “802.1X Authentication Server Group” in
the left column
Using the pull down select and set the 802.1X Authentication Server Group to “myemployee-serv”
DO NOT FORGET to select “APPLY” at the bottom of the page and “Save Configuration”
Creating the SSID Profile
In the left column scroll down and find “ADVANCED SERVICES” > “All Profiles” and click on “All Profiles”
Select and click on the “Wireless LAN” to expand this section
With the Wireless LAN section expanded, scroll down to find, click on and expand the “SSID Profile”
Enter the name of the new SSID Profile – click “Add”
Click on the new SSID Profile to configure the details
Enter the Network Name (SSID) = myemployee
(This is the SSID name that will be broadcast and seen in the air – example here: “myemployee”)
Select “Apply” at the bottom of the page
Note the Network Authentication and Encryption has not been set - select the “Advanced” tab to set these parameters
Select the Encryption methods you prefer or that your WLAN hosts will support
In this example “wpa2-aes” has been selected
When completed click “Apply” and “Save Configuration”
Create the Virtual AP Profile
Scroll down and find and click on the “Virtual AP Profile” to expand this menu section
Enter the name of the new virtual AP (myemployee-vir) and click “Add”
Now click on and expand the new myemployee Virtual AP Profile
Select and set the VLAN that Users will be placed in (if desired)
Click on “Apply” at the bottom of the page
Move down the menu and click on the “AAA-Profile” within the “myemployee-vir” Virtual AP profile
Using the pull down menu select the “myemployee-aaa”
Click on “Apply” at the bottom of the page
Move down the menu and click on the “SSID-Profile” within the “myemployee-vir” Virtual AP profile
Using the pull down menu select the “myemployee-ssid”
Your Virtual AP profile should now be complete
Click on “Save Configuration”
Create and add the AP System Profile
While in the “All Profile Management” window now click on and expand the “AP” section.
(Full menu path = “Configuration” > “Advanced Services” > “All Profiles” > “AP”).
Enter the new AP system profile name (in this example “myemployee-apsys”) and click “ADD”
Once created click on and expand the new “myemployee-apsys” profile
In basic networks it may not be necessary to enter the LMS IP (controller IP address where AP’s will terminate).
“Save Configuration” after adding the new AP system profile.
Configuration in the All Profiles Management section is complete.
Create the new AP Group
Go to and select “Configuration” > “Wireless” > “AP Configuration” menu
Select “NEW”
Enter and “ADD” the new AP Group name (in this example “MainBuilding”)
Once the new AP Group has been added select “Edit” button of the AP Group
Click on and expand the “Wireless LAN” to display the “Virtual AP”
Click on and expand the “Virtual AP”
Use the pull down to highlight and select the “myemployee-vir” profile. Click on “Add” to display the screen below
The AAA Profile and the SSID Profile are now “myemployee”
Click “Apply” at the bottom of the page to save the selection and “Save Configuration” when complete
Checking your work
With an AP connected and provisioned correctly, log in to the Controller CLI
Have a user log in to the wireless network and run the following CLI commands
(Aruba3200) #show user
User logged in with credentials, is authenticated and is in the correct Role
(Aruba3200) #show auth-tracebuf mac f8:7b:7a:68:f5:da
Display the details of the authentication flow
(Aruba3200) #show dot1x supplicant-info list-all
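
The procedure above builds a chain of named objects (firewall policy, user role, Radius server, server group, 802.1X profile, AAA profile, SSID profile, virtual AP, AP group), and one mistyped name or skipped pull-down leaves a broken link. The following added example, which is not part of the original guide or any Aruba tooling, walks that chain in saved configuration text and reports missing or undefined links; the sample text is constructed from this guide's names and assumes the ArubaOS 6.x CLI configuration layout.

```python
# Added example: audits the chain of profiles this guide builds.
# SAMPLE_CONFIG is constructed from the guide's example names; its layout is assumed
# to follow ArubaOS 6.x CLI configuration text, and the firewall rules are illustrative.
SAMPLE_CONFIG = """\
ip access-list session myemployee-pol
  user any udp 68 deny
  any any svc-dhcp permit
user-role myemployee-role
  access-list session myemployee-pol
aaa authentication-server radius "myemployee-rad"
  host 172.16.0.252
  key PLACEHOLDER-SECRET
aaa server-group "myemployee-serv"
  auth-server myemployee-rad
aaa authentication dot1x "myemployee-1x"
  termination enable
  termination eap-type eap-peap
  termination inner-eap-type eap-mschapv2
aaa profile "myemployee-aaa"
  authentication-dot1x "myemployee-1x"
  dot1x-default-role "myemployee-role"
  dot1x-server-group "myemployee-serv"
wlan ssid-profile "myemployee-ssid"
  essid "myemployee"
  opmode wpa2-aes
wlan virtual-ap "myemployee-vir"
  aaa-profile "myemployee-aaa"
  ssid-profile "myemployee-ssid"
ap-group "MainBuilding"
  virtual-ap "myemployee-vir"
"""

# Constructed faulty variant: mistyped server group name, encryption step skipped.
BROKEN_CONFIG = SAMPLE_CONFIG.replace(
    'dot1x-server-group "myemployee-serv"', 'dot1x-server-group "myemployee-srv"'
).replace("  opmode wpa2-aes\n", "")

HEADERS = {  # block header prefix -> kind of object it defines
    "ip access-list session": "policy",
    "user-role": "role",
    "aaa authentication-server radius": "radius",
    "aaa server-group": "server-group",
    "aaa authentication dot1x": "dot1x",
    "aaa profile": "aaa",
    "wlan ssid-profile": "ssid",
    "wlan virtual-ap": "vap",
    "ap-group": "ap-group",
}
REFS = {  # (kind, body keyword) -> kind of object that keyword must name
    ("role", "access-list session"): "policy",
    ("server-group", "auth-server"): "radius",
    ("aaa", "authentication-dot1x"): "dot1x",
    ("aaa", "dot1x-default-role"): "role",
    ("aaa", "dot1x-server-group"): "server-group",
    ("vap", "aaa-profile"): "aaa",
    ("vap", "ssid-profile"): "ssid",
    ("ap-group", "virtual-ap"): "vap",
}
EXTRA = {"ssid": ["essid", "opmode"], "radius": ["host", "key"]}  # other required lines


def parse_config(text):
    """Return {(kind, name): [body lines]} for the block types in HEADERS."""
    blocks, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":  # blank or separator line
            continue
        if raw[0].isspace():  # indented line belongs to the open block
            if current:
                blocks[current].append(raw.strip())
            continue
        current = None  # unknown top-level lines close the current block
        for prefix, kind in HEADERS.items():
            if raw.startswith(prefix + " "):
                current = (kind, raw[len(prefix):].strip().strip('"'))
                blocks[current] = []
    return blocks


def audit(blocks):
    """Walk from each AP group down the chain; report missing or undefined links."""
    findings = set()
    stack = [key for key in blocks if key[0] == "ap-group"]
    while stack:
        kind, name = key = stack.pop()
        required = [kw for (src, kw) in REFS if src == kind] + EXTRA.get(kind, [])
        for kw in required:
            if not any(line.startswith(kw + " ") for line in blocks[key]):
                findings.add(f"{kind} '{name}': no '{kw}' line")
        for line in blocks[key]:
            for (src, kw), target in REFS.items():
                if src == kind and line.startswith(kw + " "):
                    ref = (target, line[len(kw):].strip().strip('"'))
                    if ref in blocks:
                        stack.append(ref)  # follow the link further down
                    else:
                        findings.add(f"{kind} '{name}': {kw} -> undefined {target} '{ref[1]}'")
    return sorted(findings)


if __name__ == "__main__":
    print(audit(parse_config(BROKEN_CONFIG)))
```

Only objects reachable from an AP group are checked, so unused default profiles in a real configuration do not produce findings.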

 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

Creating an 802 1 xv3

  • 1. Creating an 802.1X WLAN
    Release 6.1.2.x – Aruba Controller
    December 2011
    Contents
    Create and configure a Firewall Policy (2)
    Create a User Role (3)
    Adding the Radius Authentication Server (5)
    Create a Server Group - add the Radius Server (7)
    Create and add an 802.1x Authentication Profile (8)
    Create the AAA Profile (9)
    Creating the SSID Profile (10)
    Create the Virtual AP Profile (12)
    Create and add the AP System Profile (14)
    Create the new AP Group (15)
    Checking your work (16)
  • 2. Create and configure a Firewall Policy
    Presented are the steps to create a typical firewall policy. The policy prevents Users connected to the wireless network from providing DHCP addresses, yet allows network Users to request DHCP from the network.
    NOTE – you cannot create Firewall Policies WITHOUT the proper License (PEF-NG for Release 5.0 and beyond).
    Go to menu “Configuration” > “Security” > “Access Control” – “Policies” > and select “Add”.
    Enter a name for the new policy, in this example “myemployee-pol”.
    Select “Add” to begin adding firewall rules to the “myemployee-pol” policy.
    Using the pull down menus for each category, set your policies as desired.
    When all fields are set correctly, use the ADD button in the lower right corner of this rule to save the rule to the “myemployee-pol” policy. Remember to apply the correct “Action” – in Release 6 the default is “drop”.
    Continue configuring and adding rules to meet the needs of the corporate security policies.
    When you have finished adding all your rules, select “Apply”.
  • 3. When completed, the new policy should appear similar to the below. This is a simple firewall policy.
    Don’t forget to “Save Configuration”.
    Create a User Role
    Go to “Configuration” > “Security” > “Access Control” and select the tab “User Roles” as shown below. Then click on “ADD”.
  • 4. Enter the name of the new role, in this example “myemployee-role”.
    Under “Firewall Policies” select ADD and, with the radio button set to “Choose from configured policies”, use the pull down menu to find, highlight and select the “myemployee-pol” policy created in the previous step.
    When completed, scroll down the page and select “APPLY”.
    Select “Done” when the firewall policy has been added, and then at the bottom of the page select “Apply”.
    When completed, the new User Role with the firewall policy should appear as:
  • 5. Adding the Radius Authentication Server
    Presented are the steps necessary to configure the Radius server that the Aruba controller will use to authenticate Users connecting to the WLAN. This is an existing Radius server within your network.
    Go to menu “Configuration” > “Security” > “Authentication”.
    Click on “RADIUS Server” to expand the group window in the right window.
    Add your new Radius server name “myemployee-rad” and click ADD.
    Select and check “APPLY” at the bottom of the right window to save the changes.
    Radius Authentication Server Added
    Now click on the new Radius server “myemployee-rad” to expand and configure the Radius server details.
  • 6. Enter the details of your Radius Server in the controller:
    Host = IP address of your Radius Server (example 172.16.0.252)
    NAS ID = Name of the Network Access Server, in this example the Aruba Controller name (Aruba3200)
    NAS IP = IP Address of the Aruba Controller (172.16.0.3)
    Key = the secret key passed from the controller to Radius to allow the controller to authenticate Users’ names/passwords
    Click “APPLY” at the bottom of the page to save the changes.
    Ensure that your Radius server has the Aruba Controller configured per the above and that the controller is recognized as a NAS server within your Radius.
    Below we are using the controller’s “Diagnostics” > “AAA Test Server” function to test Radius authentication between the controller and the Radius server using an existing Radius account (user name and password).
    Note – if the MSCHAPv2 test fails, attempt testing with “PAP” checked.
    Click “APPLY” at the bottom of the page and “Save Configuration”.
  • 7. Create a Server Group - add the Radius Server
    The new Radius server will now be added to a Server Group.
    While in the “Configuration” > “Security” > “Authentication” menu, select the “Servers” tab.
    Enter the name of the Server Group and select “ADD”.
    When completed, click on the new Server Group created.
    Using the pull down menu, select the Radius server created in the previous step.
    Click “Add Server”.
    Click “Apply” at the bottom of the page.
    Adding the Radius server to the Server Group is completed.
  • 8. Create and add an 802.1x Authentication Profile
    Presented are the steps necessary to define and configure an 802.1X Authentication Profile within the Controller.
    While in the “Configuration” > “Security” > “Authentication” menu, select the “L2 Authentication” tab, then select and expand the “802.1X Authentication Profile”.
    Enter the name of the new 802.1X profile (example myemployee-1x) and click ADD.
    Now in the left column click on and expand the newly created Profile.
    Select the following (typical settings for connection of Windows networks / servers with Radius front ends):
    Termination = check ON, the controller will terminate the EAP tunnel from the client
    Termination EAP-Type = eap-peap
    Termination Inner EAP-Type = eap-mschapv2
    “Apply” and “Save Configuration”.
  • 9. Create the AAA Profile
    While in the “Configuration” > “Security” > “Authentication” menu, select the “AAA Profiles” tab.
    Select “ADD”, then enter the new AAA Profile name and select “Add” again (in this example “myemployee-aaa”).
    When completed, still in the AAA Profiles, click to expand the new AAA Profile (myemployee-aaa) that was just created.
    Using the pull down menu, set the 802.1X Authentication Default Role to “myemployee-role”.
    Click “Apply” at the bottom right of the panel when done.
    With “myemployee-aaa” still open / expanded, scroll down and click on the “802.1X Authentication Profile” in the left column.
    Using the pull down, select and set the 802.1X Authentication Profile to “myemployee-1x”.
    When completed, select “APPLY” at the bottom of the page.
  • 10. With “myemployee-aaa” still open / expanded, scroll down and click on the “802.1X Authentication Server Group” in the left column.
    Using the pull down, select and set the 802.1X Authentication Server Group to “myemployee-serv”.
    DO NOT FORGET to select “APPLY” at the bottom of the page and “Save Configuration”.
    Creating the SSID Profile
    In the left column scroll down to “ADVANCED SERVICES” > “All Profiles” and click on “All Profiles”.
    Select and click on “Wireless LAN” to expand this section.
  • 11. With the Wireless LAN section expanded, scroll down to find, click on and expand the “SSID Profile”.
    Enter the name of the new SSID Profile and click “Add”.
    Click on the new SSID Profile to configure the details.
    Enter the Network Name (SSID) = myemployee. (This is the SSID name that will be broadcast and seen in the air – example here: “myemployee”.)
    Select “Apply” at the bottom of the page.
    Note that the Network Authentication and Encryption have not been set yet. Select the “Advanced” tab to set these parameters.
    Select the encryption methods you prefer or that your WLAN hosts will support. In this example “wpa2-aes” has been selected.
    When completed, click “Apply” and “Save Configuration”.
  • 12. Create the Virtual AP Profile
    Scroll down to find and click on the “Virtual AP Profile” to expand this menu section.
    Enter the name of the new virtual AP (myemployee-vir) and click “Add”.
    Now click on and expand the new myemployee Virtual AP Profile.
    Select and set the VLAN that Users will be placed in (if desired).
    Click on “Apply” at the bottom of the page.
    Move down the menu and click on the “AAA-Profile” within the “myemployee-vir” Virtual AP profile.
    Using the pull down menu, select “myemployee-aaa”.
    Click on “Apply” at the bottom of the page.
  • 13. Move down the menu and click on the “SSID-Profile” within the “myemployee-vir” Virtual AP profile.
    Using the pull down menu, select “myemployee-ssid”.
    Your Virtual AP profile should now be complete.
    Click on “Save Configuration”.
  • 14. Create and add the AP System Profile
    While in the “All Profile Management” window, click on and expand the “AP” section. (Full menu path = “Configuration” > “Advanced Services” > “All Profiles” > “AP”.)
    Enter the new AP system profile name (in this example “myemployee-apsys”) and click “ADD”.
    Once created, click on and expand the new “myemployee-apsys” profile.
    In basic networks it may not be necessary to enter the LMS IP (the controller IP address where APs will terminate).
    “Save Configuration” after adding the new AP system profile.
    Configuration in the All Profiles Management section is complete.
  • 15. Create the new AP Group
    Go to and select the “Configuration” > “Wireless” > “AP Configuration” menu.
    Select “NEW”.
    Enter and “ADD” the new AP Group name (in this example “MainBuilding”).
    Once the new AP Group has been added, select the “Edit” button of the AP Group.
    Click on and expand “Wireless LAN” to display the “Virtual AP”.
    Click on and expand the “Virtual AP”.
    Use the pull down to highlight and select the “myemployee-vir” profile. Click on “Add” to display the screen below.
    The AAA Profile and the SSID Profile are now “myemployee”.
    Click “Apply” at the bottom of the page to save the selection and “Save Configuration” when complete.
  • 16. Checking your work
    With an AP connected and provisioned correctly, log in to the Controller CLI.
    Have a user log in to the wireless network, then run the following CLI commands:
    (Aruba3200) #show user
    User logged in with credentials, is authenticated and is in the correct Role
    (Aruba3200) #show auth-tracebuf mac f8:7b:7a:68:f5:da
    Display the details of the authentication flow
    (Aruba3200) #show dot1x supplicant-info list-all
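The procedure above builds a chain of references: AP group to virtual AP, virtual AP to AAA and SSID profiles, AAA profile to role, 802.1X profile and server group, server group to Radius server, role to firewall policy. The following Python check is an added example, not part of the original slides or of Aruba's tooling, that reads a saved configuration and reports any required link that is missing or names an object that was never created. The CLI keywords in the sample are assumed ArubaOS-style equivalents of the WebUI fields, and `SAMPLE`, `match` and `check_chain` are hypothetical names.

```python
# Constructed sample in ArubaOS-style CLI syntax (assumed; the page shows only the WebUI).
SAMPLE = """\
ip access-list session myemployee-pol
user-role myemployee-role
  access-list session myemployee-pol
aaa authentication-server radius "myemployee-rad"
aaa server-group "myemployee-serv"
  auth-server myemployee-rad
aaa authentication dot1x "myemployee-1x"
aaa profile "myemployee-aaa"
  dot1x-default-role "myemployee-role"
  authentication-dot1x "myemployee-1x"
  dot1x-server-group "myemployee-serv"
wlan ssid-profile "myemployee-ssid"
wlan virtual-ap "myemployee-vir"
  aaa-profile "myemployee-aaa"
  ssid-profile "myemployee-ssid"
ap-group "MainBuilding"
  virtual-ap "myemployee-vir"
"""
# Section header -> (object kind, {required child keyword: kind it must point at}).
SECTIONS = {
    "ip access-list session": ("policy", {}),
    "user-role": ("role", {"access-list session": "policy"}),
    "aaa authentication-server radius": ("radius", {}),
    "aaa server-group": ("server-group", {"auth-server": "radius"}),
    "aaa authentication dot1x": ("dot1x", {}),
    "aaa profile": ("aaa", {"dot1x-default-role": "role",
        "authentication-dot1x": "dot1x", "dot1x-server-group": "server-group"}),
    "wlan ssid-profile": ("ssid", {}),
    "wlan virtual-ap": ("vap", {"aaa-profile": "aaa", "ssid-profile": "ssid"}),
    "ap-group": ("ap-group", {"virtual-ap": "vap"}),
}

def match(line, keywords):
    # Return (keyword, name) when the line starts with one of the keywords, else None.
    for kw in keywords:
        if line.startswith(kw + " "):
            return kw, line[len(kw):].split()[0].strip('"')
    return None

def check_chain(config):
    # Return (section name, keyword, target) per broken link; target None = link absent.
    sections, key = {}, None
    for raw in config.splitlines():
        if not raw[:1].isspace():                  # unindented line: section header
            key = match(raw.strip(), SECTIONS)
            if key:
                sections.setdefault(key, {})
        elif key and (hit := match(raw.strip(), SECTIONS[key[0]][1])):
            sections[key].setdefault(hit[0], []).append(hit[1])
    defined = {(SECTIONS[h][0], n) for h, n in sections}
    return [(name, kw, t) for (header, name), links in sections.items()
            for kw, kind in SECTIONS[header][1].items()
            for t in links.get(kw) or [None] if (kind, t) not in defined]
```

An empty list means every profile created in the steps above is reachable from the AP group; a skipped “Apply” on the server-group step shows up as `("myemployee-aaa", "dot1x-server-group", None)`.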