Question: Can I use a separate authentication mechanism for different platforms with VIA?
Product and Software: This article applies to all ArubaOS versions.
Can I use these authentication types for these platforms?
- Windows PC: machine + Active Directory authentication
- MAC: SecurID authentication
- iOS: certificate authentication
Aruba can support multiple authentication types by putting each of them into a different VIA profile, and thus using a different VIA authentication profile.
The controller does not get "told" the client OS type though, so nothing stops you from deleting the VIA profile on the device and redownloading it. If you supplied credentials that pointed to the iOS auth profile, but you were on Windows, then you would get the certificate profile downloaded.
If you configure the following, you can use a separate authentication.
Windows PC: machine + Active Directory authentication
If machine authentication against Active Directory, it will work.
If machine authentication PLUS user authentication against Active Directory, it will work.
Configure IKEv1 and use a certificate or PSK for the "machine auth" portion, followed by Xauth for user authentication, which could be done against Active Directory.
MAC: SecurID authentication
This will not work because for MacOS we need VIA 2.0, which is expected to release soon.
iOS: certificate authentication
This should work OK by configuring IKEv2 with "user-cert" as the authentication method.