Configuring Security Settings for a Wired Profile
If you are creating a new wired profile, complete the Wired Settings and VLAN procedures before specifying the security settings. For more information, see Configuring Wired Settings and Configuring VLAN Settings for a WLAN SSID Profile.
Configuring Security Settings for a Wired Employee Network
The following procedure configures security parameters for the Employee wired network using the Instant WebUI:
- Configure the following parameters in the
- —To support trusted ports in an Instant AP, select . When the Port type is trusted, MAC and 802.1X authentication parameters cannot be configured. The Port Type is by default. In a trusted mode, Instant APs will not create any user entry. A predefined ACL is applied to the trusted port in order to control the client traffic that needs to be source NATed.
- —Click the toggle switch to enable MAC authentication. The MAC authentication is disabled by default.
- —Click the toggle switch to enable 802.1X authentication. The 802.1X authentication is disabled by default.
- —Click the toggle switch to enable authentication fail-thru. When this feature is enabled, 802.1X authentication is attempted when MAC authentication fails. The option is displayed only when both and parameters are enabled.
- Select an existing RADIUS authentication server or in the Authentication server 1 drop-down list. When is selected, an external RADIUS server must be configured to authenticate the users. For information on configuring an external server, see Configuring an External Server for Authentication.
- — If an internal server is selected, add the clients that are required to authenticate with the internal RADIUS server. Click the Users link to add users. For information on adding a user, see Overview of Instant AP Users.
—Select any of the following options.
- —Disables accounting.
- —When selected, the authentication servers configured for the wired profile are used for accounting purposes.
- —Allows you to configure separate accounting servers.
- —Allows you to set an accounting interval within the range of 0–60 minutes for sending interim accounting information to the RADIUS server.
- Reauth interval—Specify the interval at which all associated and authenticated clients must be reauthenticated.
- —Click the toggle switch if you are using two RADIUS authentication servers, so that the load across the two RADIUS servers is balanced. For more information on the dynamic load balancing mechanism, see Dynamic Load Balancing between Two Authentication Servers.
The parameter does not appear if the option is selected as the authentication server.
- Click . The Access tab details are displayed.
The following CLI commands configure security settings for an employee wired network:
(Instant AP)(config)# wired-port-profile <name>
(Instant AP)(wired ap profile <name>)# mac-authentication
(Instant AP)(wired ap profile <name>)# l2-auth-failthrough
(Instant AP)(wired ap profile <name>)# auth-server <name>
(Instant AP)(wired ap profile <name>)# server-load-balancing
(Instant AP)(wired ap profile <name>)# radius-accounting
(Instant AP)(wired ap profile <name>)# radius-accounting-mode {user-association|user-authentication}
(Instant AP)(wired ap profile <name>)# radius-interim-accounting-interval <minutes>
(Instant AP)(wired ap profile <name>)# radius-reauth-interval <Minutes>
(Instant AP)(wired ap profile <name>)# trusted
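
The following Python audit is an added example, not HPE Aruba code. It reads `wired-port-profile` blocks and flags settings that conflict with the rules described above: trusted ports, load balancing with fewer than two authentication servers, and an interim accounting interval outside 0–60 minutes. The config layout (indented sub-commands, one `auth-server` line per server) and all profile and server names are assumptions constructed for illustration.

```python
import re
# Constructed sample. Assumes sub-commands are indented under their
# "wired-port-profile <name>" line and auth-server is repeated per server.
SAMPLE_CONFIG = """\
wired-port-profile employee-wired
 mac-authentication
 auth-server radius-a
 auth-server radius-b
 server-load-balancing
 radius-interim-accounting-interval 10
wired-port-profile printer-uplink
 trusted
 mac-authentication
wired-port-profile lab-wired
 auth-server radius-a
 server-load-balancing
 radius-interim-accounting-interval 90
"""

def parse_profiles(text):  # -> {profile name: [(command, argument), ...]}
    profiles, current = {}, None
    for line in text.splitlines():
        header = re.match(r"wired-port-profile\s+(\S+)", line)
        if header:
            current = profiles.setdefault(header.group(1), [])
        elif current is not None and line[:1].isspace() and line.strip():
            cmd, _, arg = line.strip().partition(" ")
            current.append((cmd, arg.strip()))
        else:
            current = None  # an unindented line ends the profile block
    return profiles

def audit(text):
    """Return {profile name: [finding, ...]} from rules stated on this page."""
    report = {}
    for name, cmds in parse_profiles(text).items():
        flags = {c for c, _ in cmds}
        servers = [a for c, a in cmds if c == "auth-server"]
        found = report[name] = []
        if "trusted" in flags:
            found.append("trusted port: no user entry is created")
            if flags & {"mac-authentication", "l2-auth-failthrough"}:
                found.append("authentication commands on a trusted port")
        if "server-load-balancing" in flags and len(servers) < 2:
            found.append("load balancing with fewer than two auth servers")
        for c, a in cmds:
            if c == "radius-interim-accounting-interval" and not (a.isdigit() and int(a) <= 60):
                found.append(f"interim accounting interval {a} outside 0-60 minutes")
    return report
```
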