Controller-less WLANs

Static domain configuration on IAP for PAN firewall.
Q:

Can we configure a static domain name to be prefixed with the client user id sent to the PAN firewall?



A:

Starting from 6.4.4.3-4.2.2.0, IAP will check the domain information in client user IDs (used for authentication) for all login and logout requests sent to the PAN firewall. If the user id already has a domain prefix, the request is forwarded to the PAN firewall. Otherwise, the static client domain configured in the PAN firewall profile will be prefixed to the user ID and then sent to the PAN firewall.


CLI Configuration:

 

(Instant AP)(config)# firewall-external-enforcement pan
(Instant AP)(firewall-external-enforcement pan)# enable
(Instant AP)(firewall-external-enforcement pan)# domain-name domain@xyz
(Instant AP)(firewall-external-enforcement pan)# ip 192.0.2.11
(Instant AP)(firewall-external-enforcement pan)# port 443
(Instant AP)(firewall-external-enforcement pan)# user admin1 admin1
(Instant AP)(firewall-external-enforcement pan)# end
(Instant AP)# commit apply

 

Web UI Configuration:

 

More --> Service --> Network Integration

 

 

Version History
Revision #:
2 of 2
Last update:
‎03-29-2017 12:59 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.