Aruba Wireless with MAC Authentication with Device Registration Service Template

For wireless devices that do not support strong 802.1X authentication, Policy Manager Device Registration offers a prebuilt registration portal for end users. This service type handles the device authorization from an Aruba Mobility Conductor or Instant AP.

To access the Aruba Wireless with MAC Authentication with Device Registration service template:

1. Navigate to Configuration > Service Templates & Wizards.

2. From the Service Templates & Wizards page, select Aruba Wireless with MAC Authentication with Device Registration. The following page opens:

Figure 1  Aruba Wireless with MAC Authentication with Device Registration Service Template

General Tab

1. Specify the General tab service template parameter as described in the following table:

Table 1: General Tab Parameters

| Parameter | Action/Description |
|---|---|
| General | |
| Name Prefix | Enter a unique prefix that is appended to services using this template. Use this to identify the services that use this template. |

2. Click Next or select the Wireless Network Settings tab.

Wireless Network Settings

When you select the Wireless Network Settings tab, the following configuration dialog opens:

Figure 2  Wireless Network Settings Configuration Dialog

1. Specify the Wireless Network Settings tab service template parameters as described in the following table:

Table 2: Wireless Network Settings Parameters

| Parameter | Action/Description |
|---|---|
| Wireless Network Settings | |
| Wireless Controller Name | The Wireless Controller Name is automatically populated when you select a wireless controller. NOTE: The controller must exist in the Policy Manager server's list of network devices (see Adding a Network Device). |
| Controller IP Address | The Controller IP Address is automatically populated when you select a wireless controller. |
| Vendor Name | The vendor name is set to: Aruba. |
| RADIUS Shared Secret | The RADIUS Shared Secret is automatically populated when you select a wireless controller. |
| Enable RADIUS Dynamic Authorization | If RADIUS Dynamic Authorization has not been automatically enabled, click the check box to enable this option. RADIUS Dynamic Authorization allows dynamic changes to a user session, as implemented by network access server products. This includes support for disconnecting users and changing authorizations applicable to a user session. |
| Dynamic Authorization Port | The access point's UDP port for Dynamic Authorization must be reachable from your RADIUS server. The Dynamic Authorization Port is set by default to 3799. This value may not be changed. |
| Enable RadSec | To enable RadSec, click the Enable RadSec check box. When RadSec is enabled, the RADIUS shared secret is populated with a default shared secret named “radsec.” NOTE: It's important that the wireless controller is configured with the same shared secret. |

2. Click Next or select the Device Roles tab.
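The Dynamic Authorization and shared secret settings above, worked through as an added example (not part of the original page and not Aruba's code): a RADIUS Disconnect-Request as defined in RFC 5176 is accepted only when its Request Authenticator, an MD5 over the packet and the shared secret, matches on the receiving side, which is why the controller and Policy Manager must hold the same secret. The packet, MAC address and secrets are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, COA_REQUEST = 40, 43   # RFC 5176 packet codes
CALLING_STATION_ID = 31                    # attribute carrying the client MAC


def build_request(code, ident, attrs, secret):
    """Encode a Disconnect-/CoA-Request and sign it with the shared secret."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + auth + body


def verify_request(packet, secret):
    """Judge a received packet the way the controller side would."""
    if len(packet) < 20:
        return False, "short packet"
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code not in (DISCONNECT_REQUEST, COA_REQUEST):
        return False, "not a dynamic authorization request"
    if length < 20 or length > len(packet):
        return False, "bad length field"
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:length] + secret).digest()
    if not hmac.compare_digest(packet[4:20], expected):
        return False, "authenticator mismatch"
    return True, "ok"


def parse_attributes(packet):
    """Decode the attribute TLVs of a packet that already passed verify_request."""
    end, pos, out = struct.unpack("!H", packet[2:4])[0], 20, []
    while pos < end:
        if pos + 2 > end or packet[pos + 1] < 2 or pos + packet[pos + 1] > end:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        out.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return out


# Constructed sample: a request to disconnect one MAC-authenticated client.
SAMPLE = build_request(DISCONNECT_REQUEST, 7,
                       [(CALLING_STATION_ID, b"AA-BB-CC-00-11-22")], b"server-secret")

if __name__ == "__main__":
    print(verify_request(SAMPLE, b"server-secret"), verify_request(SAMPLE, b"controller-typo"))
```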

Device Roles

Define logical device roles (think tags) that allow for dynamic policy construction; for example, Media Player, Printer, Game Console, Building Controls, etc.

When you select the Device Roles tab, the following configuration dialog opens:

Figure 3  Device Roles Configuration Dialog

3. Select one or more existing roles from the drop-down or type in a role name to create a new one.

4. Click Next or select the Enforcement Details tab.

Enforcement Details

The device roles selected in the Device Roles dialog are populated into the new Enforcement policy defined in the Enforcement Details configuration dialog.

Aruba Roles are configured on the controller.

Figure 4  Enforcement Details Configuration Dialog

5. Aruba Role: For each Device Role, specify the corresponding Aruba Role configured on your Aruba wireless controller(s) or access points.

6. Default Aruba User Role: Enter the default Aruba User role that is configured on your Aruba wireless controller(s) or access points.

7. Click Add Service.

The Aruba Wireless with MAC Authentication with Device Registration service is created. You return to the Services page where the new service is now listed.