Onboard Service Template

This service creates an Onboard Pre-Authentication service to check the user's credentials before starting the device provisioning process. This service template also creates an authorization service that checks whether a user's device can be provisioned using Onboard. To authenticate users prior to device provisioning with Onboard, as well as after device provisioning is completed, use an Aruba 802.1X Wireless service .

To access the Onboard service template:

1. Navigate to Configuration > Service Templates & Wizards.

2. From the Service Templates & Wizards page, select Onboard. The Service Templates - Onboard page opens to the General tab.

Figure 1  Onboard Pre-Authorization Service Template

3. Specify the Onboard Authorization service template parameters as described in the following table:

Table 1: Onboard Authorization Service Template Parameters

Parameter

Description

General

Select Prefix

Select a prefix from the existing list of prefixes or enter the name of a new prefix.

This populates the preconfigured information in the Wireless Network Settings, Device Access Restrictions, and Provisioning Wireless Network Settings sections. The Name Prefix field is not editable.

Name Prefix

Enter a prefix that you want to append to services using this template. Use this to identify services that use templates.

Wireless Network Settings

Wireless Controller Name

Enter the name of the wireless controller.

Controller IP Address

Enter the wireless controller's IP address.

Vendor Name

Select the manufacturer of the wireless controller.

RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Shared Secret

Enter the shared secret that is configured on the controller and inside Policy Manager to send and receive RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  requests.

Enable RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. .

Select to enable RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  initiated CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. (Change of Authorization) on the network device.

RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. Port

Specifies the default port 3799 if RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. is enabled.

NOTE: Change this value only if you defined a custom port on the network device.

Device Access Restrictions

Days allowed for access

Select the days of the week that onboarded devices are allowed network access.

Provisioning Wireless Network Settings

Wireless SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. for Onboard Provisioning

Enter the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. of your network.

Add New Onboard Network Settings

Click the Add New Onboard Network Settings link to launch the Web UI User Interface. to modify the Onboard network settings.

4. Click Add Service.

You return to the Services page, where the Onboard service has been added.