Can I use a separate authentication mechanism for different platforms with VIA?

Aruba Employee

Question:  Can I use a separate authentication mechanism for different platforms with VIA?

 

Product and Software: This article applies to all ArubaOS versions.

 

Can I use these authentication types for these platforms?

  • Windows PC: machine + Active Directory authentication
  • MAC: SecurID authentication
  • iOS: certificate authentication

Aruba can support multiple authentication types by putting each of them into a different VIA profile, and thus using a different VIA authentication profile.

The controller does not get "told" the client OS type though, so nothing stops you from deleting the VIA profile on the device and redownloading it. If you supplied credentials that pointed to the iOS auth profile, but you were on Windows, then you would get the certificate profile downloaded.

If you configure the following, you can use a separate authentication.

 

Windows PC: machine + Active Directory authentication

If machine authentication against Active Directory, it will work.

If machine authentication PLUS user authentication against Active Directory, it will work.

Configure IKEv1 and use a certificate or PSK for the "machine auth" portion, followed by Xauth for user authentication, which could be done against Active Directory.

 

MAC: SecurID authentication

This will not work because for MacOS we need VIA 2.0, which is expected to release soon.

 

iOS: certificate authentication

This should work OK by configuring IKEv2 with "user-cert" as the authentication method.

Version history
Revision #:
1 of 1
Last update:
‎07-04-2014 01:17 PM
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.