Security

Hi guys! I really need your help. I use 651 controller in corporation. Sofrware version is 6.3.1.8.

My situations:

1) I can not include LDAP server to the controller;

2) How to deny access to everywhere for users from Guest SSID except HTTP/HTTPS?

I would be glad for your answers.

1.  Did you already setup an LDAP server?  If not, instructions on how to set it up is here:  http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/AAA_Servers/Configuring_Servers.htm#aaa_servers_3503549366_1078934

2.  How to configure firewall polcies is here:  http://www.arubanetworks.com/techdocs/ArubaOS_64x_WebHelp/Web_Help_Index.htm#ArubaFrameStyles/Firewall_Roles/Policies.htm

I hope that helps.

Hi, Colin!

For LDAP, yes I did the manual in the help, but may be I read it with somemistakes))

This is my conf. screen. Is there everything right?

after this configuration in AAA Test server i got next errors. When I check with MSCHAPv2: Internal Error: Invalid response (-1);

when I click PAP: Authentication server out of service error accurs;

I have tried to write with my domain name, the same errors.

About policies - thank you! I did what I wanted.

Are you trying to use encryption with your clients?

Dear Colin,

I really dont want but I have to choose between two enryption types)

Don't bother with LDAP.  To use LDAP with encryption, you need to use a custom supplicant on all of your devices.  It is also not as flexibile as radius, harder to troubleshoot and is not the standard for wireless encrytion.  If you have a domain, I would use the instructions on how to configure Windows NPS here:  http://community.arubanetworks.com/t5/ArubaOS-and-Controllers/Step-by-Step-How-to-Configure-Microsoft-NPS-2008-Radius-Server/m-p/14392/highlight/true#M6113

Hi! Sorry for updating so late.

Thanks a lot for your book, we created RADIUS server and everything is good!