Aruba Instant & Cloud Wi-Fi

Reply
Occasional Contributor I
Posts: 9
Registered: ‎09-17-2015

Instant Ap 802.1x Authentication

 

Hello , 

 

scenario#1

clients successfuly authenticate and got connected to the

network ssid via radius autentication.   

 

i wonder what will happen to the clients if both the master&radius will go down and other iap will become the VC .

 

 

scenario#2

is it possible to make iap 105/205 port 0 (uplink) to connect switch port that configured with 802.1x base port authentication? 

 

i found this tutorial , i didnt fully understand how to add aps to the group after we configured AP1X ..:

https://community.arubanetworks.com/t5/tkb/articleprintpage/tkb-id/Controller-lessWLANs/article-id/743

  

 

scenario#3 

iap fully operational and powered with PSU ,what will happen to WPA2-ENT users that alredy got connected  if someone will disconnect the iap from the network and reconnect it directly to his pc in attempt to start a packet capture? 

 

 

 

Guru Elite
Posts: 19,972
Registered: ‎03-29-2007

Re: Instant Ap 802.1x Authentication

If the VC (Virtual Controller) goes down, another AP takes its place.  If dynamic radius proxy is enabled, all authentication gets sent out of the VC, through the VC's Virtual Controller address.  if DRP is not enabled, all radius authentication comes from the AP that the device is connected to.  if radius is down, no new clients can attach.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 9
Registered: ‎09-17-2015

Re: Instant Ap 802.1x Authentication

Hi Colin ,

 

none of it answer my qustions , let me rephrase question #1.

 

In scenario#1 there is two iAPs in the group , the client already authenticated & connected to the slave iap. , what will happen to the client session after new vc election , does the client will need to reauthenticate?  ("Reauth interval" & "Authentication survivability" set with default values .. )

 

 

Thank you ,
 

 

 

Guru Elite
Posts: 19,972
Registered: ‎03-29-2007

Re: Instant Ap 802.1x Authentication

If the AP does not go away, the client stays connected to it.  If the client is connected to the slave and the master goes away, the client stays connected...  A VC election does not interfere with clients on other access points that stay in service.

 

Authentication Survivability requires ClearPass Policy Manager 6.0.0.2 and above.  It is to protect against the radius server going down or the wan between the AP and the radius server going down.  Users that have already authenticated can stay on and roam to other APs in the cluster.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: