Wireless Access

last person joined: 9 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

Relevance of AAA profile in VAP profile configuration

This thread has been viewed 3 times

  • 1.  Relevance of AAA profile in VAP profile configuration

    Posted Feb 13, 2017 02:39 PM

    Hi,

    Under the VAP profiles, is it a mandatory requirement to have an AAA profiles configured?

    There are many VAP profiles with SSID profiles not requiring any AAA related configs, for instance wpa2-psk and open.

    Is it still required to have the VAP profile mapped with appropriate AAA profile?

     

    Could see below default AAA profiles on the controller, some appears to be defined even for the wpa2-psk and open.

     

    default    
        MAC Authentication     
        MAC Authentication Server Group            default
        802.1X Authentication     
        802.1X Authentication Server Group    
        RADIUS Accounting Server Group    
        XML API server    
        RFC 3576 server    
     
    default-dot1x              
          MAC Authentication     
          MAC Authentication Server Group            default
          802.1X Authentication                               default
          802.1X Authentication Server Group    
          RADIUS Accounting Server Group    
         XML API server    
         RFC 3576 server    
          
    default-dot1x-psk    
        MAC Authentication     
        MAC Authentication Server Group            default
        802.1X Authentication                               default-psk
        802.1X Authentication Server Group    

        RADIUS Accounting Server Group    
        XML API server    
        RFC 3576 server    
        
    default-mac-auth    
        MAC Authentication                                  default
        MAC Authentication Server Group            default
        802.1X Authentication     
        802.1X Authentication Server Group    
        RADIUS Accounting Server Group    
        XML API server    
        RFC 3576 server    
        
    default-open    
        MAC Authentication     
        MAC Authentication Server Group            default
        802.1X Authentication     
        802.1X Authentication Server Group    
        RADIUS Accounting Server Group
        XML API server    
        RFC 3576 server    
        
    default-xml-api    
         MAC Authentication     
         MAC Authentication Server Group             default
         802.1X Authentication     

         802.1X Authentication Server Group    
          RADIUS Accounting Server Group    
         XML API server    
         RFC 3576 server    
        
        
    GUEST-aaa_prof          
        MAC Authentication          
        MAC Authentication Server Group            default
        802.1X Authentication     
        dot1x_prof-nvm52
        802.1X Authentication Server Group    
        RADIUS Accounting Server Group    
        XML API server    
        RFC 3576 server



  • 2.  RE: Relevance of AAA profile in VAP profile configuration

    EMPLOYEE
    Posted Feb 13, 2017 03:32 PM

    Yes.  A VAP must have a SSID profile and a AAA profile to broadcast successfully.  The AAA profile has the initial role that the encryption type will have.  The default profiles do not really have anything configured, so it is not conclusive looking at the built-in default profiles.