Controllerless Networks

Reply
Contributor I
Posts: 29
Registered: ‎03-12-2015

radius vsa settings for view-only login on IAP

Hi,

 

I recently installed an IAP cluster with 11 AP's (version 6.4.2.6-4.1.1.7_50209) and enabled RADIUS authentication for the webgui login. Now, I would also like to enable RADIUS authentication for view-only. Is this possible? And if yes, how?

Fyi: I already tried ArubaOS based attributes/settings on the RADIUS server to do this, but that did not work (works for non-instant controllers though).

 

Krs,

Dante

Guru Elite
Posts: 21,587
Registered: ‎03-29-2007

Re: radius vsa settings for view-only login on IAP

On instant ONLY available on the 4.2.0.0 version currently in beta testing.  Not available in 4.1.1.7

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 29
Registered: ‎03-12-2015

Re: radius vsa settings for view-only login on IAP

Ok, Colin, thanks for that info!

Guru Elite
Posts: 21,587
Registered: ‎03-29-2007

Re: radius vsa settings for view-only login on IAP

If you would like to test the beta 2 of 4.2.0.0 please send me a PM with your IAP model and email address.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 1
Registered: ‎10-25-2016

Re: radius vsa settings for view-only login on IAP

Hi,

 

I'm looking for the same solution, but for guest user registration. I am on the latest 4.3.1.1 and have radius setup for a group of admin users to administration of the IAPVC. But how do I configure my Radius (NPS) to allow only a group of users to IAPVC administration  and all domain users to access guest user registration?

 

Best regards, 

\\ Andreas

Occasional Contributor II
Posts: 14
Registered: ‎08-19-2013

Re: radius vsa settings for view-only login on IAP

Did this feature get any traction? I can't seem to see any mention of it elsewhere.

Guru Elite
Posts: 21,587
Registered: ‎03-29-2007

Re: radius vsa settings for view-only login on IAP

Please see here:  http://www.arubanetworks.com/techdocs/Instant_423_WebHelp/InstantWebHelp.htm#UG_files/Authentication/UserManagement/ConfAdminUser.htm



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 14
Registered: ‎08-19-2013

Re: radius vsa settings for view-only login on IAP

[ Edited ]

Hi Colin.

 

Thank you for the link. To clarify if you want to authenticate view-only or guest registration users via radius you need to have "Authentication server" turned on for all admin as well?

 

Additionally it seems clearpass (or any radius server) should be returning a privilege level that relates to admin/view-only/guest-reg. I can’t however find this in the clearpass user guide relating to instant auth. Do you know of any existing documentation on how to define these privilege levels for instant gui authentication.

 

Regards,

Brendon

Guru Elite
Posts: 21,587
Registered: ‎03-29-2007

Re: radius vsa settings for view-only login on IAP

You have to turn on Radius Auth under whatever you want radius authentication for.  In addition, you need to return a Radius VSA to allow users to authenticate for that role:

 

The VSA is called “Aruba-Admin-Role” and can take one of the following values:
1) root -  Default Role, Super user role, admin
2) read-only -  Read only commands
3) guest-provisioning -  guest user

 

For example, you could have radius auth for root users, but local authentication for read-only users, or radius auth for both.  You just need to return the correct VSA when doing radius auth for the user that will be authenticating..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: