I see , the IAP uses a different command format compare to the controller.
If you have AirWave you can push these settings, using a template based configuration .
If you don't AirWave and you are planning to deploy several sites , i recommend manually configuring one site and then use that configuration as your template
You can use the following as a template (this assumes you are using ClearPass) to get you going:
wlan auth-server CPPM-RADIUS-SVR-1
ip <CLEARPASS-IP-1>
port 1812
acctport 1813
key <SHARED-KEY>
rfc3576
cppm-rfc3576-port 5999
exit
wlan auth-server CPPM-RADIUS-SVR-2
ip <CLEARPASS-IP-2>
port 1812
acctport 1813
key <SHARED-KEY>
rfc3576
cppm-rfc3576-port 5999
exit
wlan external-captive-portal SPLASH-CP-AUTH-PROFILE
server <CLEARPASS-URL>
port 443
url "/guest/splash_page.php"
auth-text ""
https
end
commit apply
configure terminal
exit
wlan access-rule EMPLOYEE-ROLE
index 14
rule any any match any any any permit
exit
wlan access-rule MACHINE-AUTH-ROLE
index 15
rule any any match any any any permit
exit
wlan access-rule REGISTERED-DEVICE-ROLE
index 16
rule any any match any any any permit
end
commit apply
configure terminal
wlan access-rule GUEST-ROLE
index 17
rule any any match any any any permit
exit
wlan access-rule GUEST-LOGON-ROLE
index 18
captive-portal external profile SPLASH-CP-AUTH-PROFILE
rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
rule alias <CLEARPASS-URL> match tcp 80 80 permit
rule alias <CLEARPASS-URL> match tcp 443 443 permit
end
commit apply
configure terminal
wlan ssid-profile <802.1X-SSID-PROFILE>
enable
index 5
type employee
essid <802.1X-SSID>
opmode wpa2-aes
max-authentication-failures 0
vlan <SECURE-VLAN-ID>
auth-server CPPM-RADIUS-SVR-1
auth-server CPPM-RADIUS-SVR-2
set-role Aruba-User-Role value-of
rf-band all
captive-portal disable
dtim-period 1
broadcast-filter all
server-load-balancing
radius-accounting
radius-interim-accounting-interval 5
g-min-tx-rate 12
a-min-tx-rate 12
multicast-rate-optimization
dynamic-multicast-optimization
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
okc
end
commit apply
configure terminal
wlan ssid-profile <GUEST-SSID-PROFILE>
enable
index 6
type guest
essid <GUEST-SSID>
opmode opensystem
max-authentication-failures 0
vlan <GUEST-VLAN-ID>
auth-server CPPM-RADIUS-SVR-1
auth-server CPPM-RADIUS-SVR-2
set-role Aruba-User-Role value-of
rf-band all
captive-portal external profile SPLASH-CP-AUTH-PROFILE
mac-authentication
dtim-period 1
broadcast-filter all
enforce-dhcp
server-load-balancing
radius-accounting
radius-interim-accounting-interval 5
g-min-tx-rate 12
a-min-tx-rate 12
multicast-rate-optimization
dmo-channel-utilization-threshold 90
local-probe-req-thresh 0
max-clients-threshold 64
end
commit apply