Environment : This article applies to all controller models and all OS versions.
When the VPN clients (RAPs, VIA, and third-party VPN clients) submit authentication credentials, the VPN server on the controller has to validate them against an authentication server and assign a user role to the authenticated clients. The VPN authentication profiles in the ArubaOS define the user role assigned for authenticated VPN clients, an authentication server, and the server group to which the authentication server belongs. The three predefined VPN authentication profiles are:
default: for VIA and third-party VPN clients
default-cap: for campus APs (CAPs)
default-rap: for RAPs
These three profiles allow the use of different authentication servers, user roles, and IP pools for VIA clients, CAPs, and RAPs.
NOTE: Additional VPN profiles cannot be added. The default and default-rap profiles are configurable, but the default-cap profile cannot be edited.