Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
802.1X Wireless—Identity Only Service
Configuration for this type of service is the same as the Aruba 802.1X Wireless Service.
, except that and policies are not configurable when you use this template. For more information, seeThe following figure displays the
> > dialog:Figure 1 802.1X Wireless—Identity Only Service Dialog
The Service Rules section defines a set of criteria that supplicants must match to trigger the service. Some service templates have one or more rules predefined. You can click on a service rule to modify any of its options.
tab provides basic configuration parameters for the service. TheTo configure a 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. Wireless -Identity Only service:
1. Navigate to > , then click the link. The dialog opens.
2. From the drop-down, select .
3. Specify the tab parameters as described in the following table:
Parameter |
Action/Description |
Type |
Select . |
Name |
Enter the name of this service. |
Description |
Policy Manager autofills the Description field with "802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. Wireless Access Service - Identity Only." You can change the description if you wish. |
Monitor Mode |
Select this check box to monitor network access activity without enforcement. |
More Options |
Check these boxes to access the additional configuration tabs: Authorization: See Authorization Configuration Profile Endpoints: See Profile Endpoints Configuration Accounting Proxy: See Accounting Proxy Configuration |
|
|
Matches |
Select the match condition for this service: Matches ANY Matches ALL of the following conditions |
Type |
Select to select the service rule type. |
Name |
Select the name of the service rule from the drop-down list. |
Operator |
Select an appropriate operator from the list of operators for the data type of the attribute. |
Value |
Enter the value or select the value from the drop-down list. The value list depends on the and selected. |
4. Click a service rule to modify its options.
5. Click to view the tab.
The Authentication tab contains options for configuring authentication methods and authentication sources. Specify the
tab parameters as described in the following table:Use the Authorizationcheck box. Policy Manager fetches role-mapping attributes from the authorization sources associated with the service, regardless of which authentication source was used to authenticate the user.
tab to select the authorization sources for this service. The tab is not displayed by default. To access this tab, select the >For a given service, role-mapping attributes are fetched from the following authorization sources:
Authorization sources associated with the authentication source
Authorization sources associated with the service
Specify the
parameters as described in the following table:Table 1: Add Aruba 802.1X Wireless -Identity Only Service > Authorization Parameters
Parameter |
Action/Description |
---|---|
Authentication Source |
Displays the authorization sources from which role mapping attributes are fetched for each authentication source. |
Attributes Fetched From |
Displays the source of attributes. |
Additional authorization sources from which to fetch role-mapping attributes |
Specify the authorization sources using the field.There can be one or more instances of the following list of authorization sources: Admin User Repository
Endpoints Repository Guest Device Repository Guest User Repository Insight Repository Local User Repository
Onboard Devices Repository Social Login Repository Time Source When you attempt to specify more than 23 Services authorization sources, the following error message is displayed: |
Use the
tab to associate a role-mapping policy with this service.Specify the
parameters as described in the following table:
Parameter |
Action/Description |
Role Mapping Policy |
Select a role mapping policy from the drop-down list. Policy Manager ships a number of preconfigured roles. A service can be configured without a role-mapping policy, but only one role-mapping policy can be configured for each service. |
|
|
Description |
Provide additional information about the selected role-mapping policy. |
Default Role |
Specify the role to which Policy Manager defaults when the role-mapping policy does not produce a match. |
Rules Evaluation Algorithm |
Shows the first matched rule. |
For information on configuring role-mapping policies, see Configuring a Role and Role-Mapping Policy.
Use this tab to select an enforcement policy for a service by specifying the
parameters as described in the following table:
Parameter |
Action/Description |
Use Cached Results |
Select this check box to use cached roles and posture attributes from previous sessions. |
Enforcement Policy |
Select the preconfigured enforcement policy from the drop-down list. This is mandatory. If you do not have any preconfigured enforcement policies, click to create a new enforcement policy. |
|
|
Description |
Displays additional information about the selected enforcement policy. |
Default Profile |
Displays a default profile applied by Policy ManagerPolicy Manager. |
Rules Evaluation Algorithm |
Shows the first matched rule. |
For related information, see Configuring Enforcement Policies.
The
tab is not displayed by default. To access this tab, return to the tab and select > .Specify the
parameters as described in the following table:The RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. accounting packets to all the proxy targets. You can configure the proxy targets to which RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. server should be forwarded and the attributes to be added in the accounting. This enables the external security solutions to use the RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. account event to detect when a user connects and disconnects to the server.
tab is not displayed by default. To access this tab, return to the tab and select > . Use the tab to broadcast theSpecify the
parameters as described in the following table:The
page presents the summary of parameters defined when you created a new service.