AirWave Wireless Management Suite | Configuration Guide Aruba Configuration Reference | 79
xSec MTU
(1024 - 1500 Bytes)
1300 bytes Define the maximum transmission unit size in bytes.
Termination No Select this option to terminate 802.1x authentication on the controller.
Termination EAP-
Type TLS
No Specify if the EAP termination type is TLS.
Termination EAP-
Type PEAP
0 Specify EAP-PEAP termination.
802.1x authentication based on PEAP with MS-CHAPv2 provides both
computer and user authentication. If a user attempts to log in without the
computer being authenticated first, the user is placed into a more limited
“guest” user role.
Windows domain credentials are used for computer authentication, and
the user’s Windows login and password are used for user authentication. A
single user sign-on facilitates both authentication to the wireless network
and access to the Windows server resources.
Termination Inner
EAP-Type
MSCHAPv2
No Enable or disable this setting. You can enable caching of user credentials
on the controller as a backup to an external authentication server. The
EAP-Microsoft Challenge Authentication Protocol version 2 (MS-CHAPv2),
described in RFC 2759, is widely supported by Microsoft clients.
Termination Inner
EAP-Type GTC
No Enable or disable GTC. EAP-Generic Token Card (GTC): Described in RFC
2284, this EAP method permits the transfer of unencrypted usernames
and passwords from client to server. The main uses for EAP-GTC are one-
time token cards such as SecureID and the use of LDAP or RADIUS as the
user authentication server.
You can also enable caching of user credentials on the controller as a
backup to an external authentication server.
Token Caching Disabled Specify whether EAP token caching is enabled or disabled.
Token Caching
Period (1-240 hrs)
24 Specify token caching, in hours. The supported range is from 1 to 240
hours.
CA-Certificate N/A Type the CA certificate imported into the controller.
Server-Certificate N/A Specify a server certificate. The list of available certificates is taken from
the computer certificate store on which IAS is running. In this case, a self-
signed certificate was generated by the local certificate authority and
installed on the IAS system. On each wireless client device, the local
certificate authority is added as a trusted certificate authority, thus allowing
this certificate to be trusted.
TLS Guest Access No Specify if TLS authentication supports guest users.
User-level authentication is performed by an external RADIUS server using
PPP EAP-TLS. In this scenario, client and server certificates are mutually
authenticated during the EAP-TLS exchange. During the authentication,
the controller encapsulates EAP-TLS messages from the client into
RADIUS messages and forwards them to the server.
TLS Guest Role ap-role Specify the TLS authentication role that will support guests. This setting
requires a policy enforcement firewall license.
Table 17 Aruba Configuration > Profiles > AAA > 802.1x Auth Profile Settings (Continued)
Field Default Description
To Next Page
Loading...
