Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor II
Posts: 19
Registered: ‎07-24-2014

IAP auth with external radius ?

how do i authenticate inistant with external radius ?

 

what is DRP IP ?

 

thanks ,

Ehab

MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: IAP auth with external radius ?

https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/What-is-dynamic-radius-proxy-and-related-settings-in-authentication-server-configuration-of-IAP

Yes , it is possible to use IAP and auth to an external radius server
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: IAP auth with external radius ?

What type of server are you trying to use ?

Here's some good training :
http://cloud.arubanetworks.com/instant-training
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: IAP auth with external radius ?

Hi Friend,

 

Here are the steps to configure IAP with external RADIUS,

 

Click on "System" and fill the below details.



User-added image


Give an IP to the Virtual Controller and enable Dynamic radius Proxy. This will forward all the radius packets ( from any IAP in the cluster) to RADIUS server with the VC's IP.

Click on "Authentication" and add a new radius Server.


User-added image


Navigate to Security - Role page and add two new roles.

Employee : allowed to all destination.
Contractor : limited access
These roles can be customized based on user's requirements.



User-added image


Sample Contractor Role.

User-added image



Create a new SSID.

Click on "New" and give a name to the SSID.


User-added image


On next page, select the Client IP assignment.

We can have it either VC assigned or Network Assigned based on our requirements.



User-added image

On the Next page,

User-added image

Select the security as "Enterprise"
Key Management as "WPA-2-Enterprise"
Authentication server as < Server Name>


On the next page,

here we have to select the proper method to assign a role to the authenticated clients ( users).


User-added image

Please don't forget to configure the RADIUS client and other details in the server :)

 

Hope you got some idea, please go ahead and try.

 

Please feel free if you need any furhter help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II
Posts: 19
Registered: ‎07-24-2014

Re: IAP auth with external radius ?

thanks all for your fast responce .

it works well but after cliend succesufull login via external radius server he can not access network shared folder that he already has access to them in active directory .

 

please find attchement for system config and radius config that worked with me but with out access with shared folder .

 

thanks

Ehab

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: IAP auth with external radius ?

Hi,

 

What is the authenticated role assigned to the user and the policy mapped to that role, check whether you are allowing required traffic.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II
Posts: 19
Registered: ‎07-24-2014

Re: IAP auth with external radius ?

on Active directory , user  has full control on shared folder , but when login via radius server  the user cant access this shard folder

 

thanks ,

Ehab

Valued Contributor II
Posts: 804
Registered: ‎12-01-2014

Re: IAP auth with external radius ?

Hi friend,

 

I'm talking about the role assigned to the wireless user. always a policy will be tagged with the role.

 

AD credentials will be used for authentication purpose. after successfull authentication user traffic will allowed asper the role and policy assigned to that user. here role can be assigned by the VC or by the RADIUS server, depends on the configuration.

 

Please feel free still if you need help on this.

 

 

 

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
MVP
Posts: 4,266
Registered: ‎07-20-2011

Re: IAP auth with external radius ?

[ Edited ]

Verify which role is the user getting after passing authentication and see what ACLs do you have apply

 

 

2014-12-15 11_13_55-Instant.png

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
Showing results for 
Search instead for 
Did you mean: