Controller Based WLANs

How do I set up 802.1x authentication by using local termination(eap-peap/eap-mschapv2) on an Aruba controller?

Question: How do I set up 802.1x authentication by using local termination(eap-peap/eap-mschapv2) on an Aruba controller?

 

Product and Software: This article applies to all Aruba mobility controllers and ArubaOS 3.x.

The following steps demonstrate how to enable the 802.1x local terminatoin with eap-eap/eap-mschapv2. please modify it with you desired eap type. Also, please create different profile name to match your network setup.

 

1) Navigate to Configuration > Security > Authentication > servers > server group. Create a new server group if you are using external server for 802.1x authentication, and click Add. Click the server group you have just created and enter the server details.

 

2) Navigate to Configuration > Security > Authentication > L2 Authentication > 802.1x Authentication Profile > Create a profile > Add > Apply.

 

3) Select the profile that you have just created under 802.1x Authentication profile. Click > Advanced > Termination EAP-Type > check the eap-peap and eap-mschapv2 > Apply.

 

Note: If you are using the internal server for 802.1x authentication, click the basic and check the termination option and click Apply.

 

4) Click the AAA profile tab. Under AAA Profiles Summary > Create a profile > Apply.

 

5) Click the profile you have just created under AAA profile > 802.1x Authentication Profile > choose the profile that you have created under L2 Authentication in step 2.

 

6) Click the AAA profile > 802.1x Authentication Server Group > select the server group from the drop-down menu > Apply.

 

7) Navigate to Configuration > Wireless > AP Configuration > Choose the AP group > edit > Wireless LAN > Virtual AP > Default > AAA profile > under Profile details, from the drop-down menu, select the AAA profile that you created in step 4 > Apply.

 

8) Click the SSID profile > Basic tab > Select the WPA2 under Network Authentication and AES under  Encryption  > Apply.

 

 

Version History
Revision #:
3 of 3
Last update:
‎05-21-2016 07:30 PM
Updated by:
 
Labels (1)
Comments
mrmadgig

8) Click the SSID profile > Basic tab > Select the WPA2 authentication with AES encryption> Apply.

 

This needs to be in place of the current step 8. 

mrmadgig

Number 1.) is not neccessary if you are going to instruct for just an internal server then there is no need to tell someone to create a new external server. A little confusing. If you want to keep it maybe restructure the statement/sentence like this.

 

Current way: Create a new server group if you are using external server for 802.1x authentication, and click Add. Click the server group you have just created and enter the server details.

 

New Way: If you are going to use an external server for 802.1x authentication then you need to create a new server by clicking ADD. Navigate to Configuration > Security > Authentication > servers > server group and Click ADD. Now Click the server group you have just created and enter the server details.

 

Just my 2 cents but it reads a lot clearer.

Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.