Security

Reply
Contributor II

MC 7200 Authentication Server

Hello,


In case of Internal AAA Server is used on the Mobility Controller MC 7200, in this case:

> Can we assign a group of AP's to be Authenticators for this internal MC Authentication Server? - And, another group of AP's, the MC will forward their Radius messages to external Radius Server?

> How can this be done?


Another questions please, in case of internl Auth Server by the MC 7200, what are the requirements on the Client UE? Does he need to support for example some kind of EAP?

 

Thanks.

Guru Elite

Re: MC 7200 Authentication Server

Yes. Authentication is defined in each VAP. Each AP group can have different VAPs.

You should consider using a RADIUS server for all authentication instead of the internal database.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: MC 7200 Authentication Server

What are the requirements on the Cleints UE's in case of Internal Auth Server?

Guru Elite

Re: MC 7200 Authentication Server

Are you doing cert based auth or username/password?

EAP-TLS, EAP-PEAP/MSCHAPv2, and EAP-PEAP/GTC are supported.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: MC 7200 Authentication Server

Username/Password only

Guru Elite

Re: MC 7200 Authentication Server

The EAP method most often used is EAP-PEAP/MSCHAPv2 because all clients support it.

 

Like T Cappalli says, you should really not bother with the intenal radius server;  you should use an external one for maximum flexibility.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: