You are here: CLI_commands > wlan auth-server
Previous TopicNext Topic

wlan auth-server

wlan auth-server <auth_profile_name>

acctport <accounting-port>

cppm-rfc3576-only

cppm-rfc3576-port <rfc3576-port>

deadtime <time>

drp-ip <IP-address> <mask> vlan <vlan> gateway <gateway-IP-address>

ip <IP-address>

key <key>

nas-id <NAS-ID>

nas-ip <IP-address>

port <port-name>

retry-count <count>

rfc3576

timeout <seconds>

no…

Description

This command configures an external RADIUS and CPPM server for user authentication.

Syntax

Command/Parameter

Description

Range

Default

wlan auth-server <server-profile>

Configures the external RADIUS server authentication profile.

acctport <accounting-port>

Configures the accounting port number used for sending accounting records to the RADIUS server. 1813

cppm-rfc3576-only

Configures a CPPM server used for AirGroup CoA (Change of Authorization) with RFC3576 only.

The CPPM server acts as a RADIUS server and asynchronously provides the Air Group parameters for the client device, including shared user, shared role and shared location.

cppm-rfc3576-port <rfc3576-port>

Configures the port number for sending AirGroup CoA, instead of the standard CoA port. 5999
deadtime <time>

Configures a dead time interval for the authentication server.

When two or more authentication servers are configured on the IAP and a server is unavailable, the dead time configuration determines the duration for which the authentication server would be available if the server is marked as unavailable.

1—1440 minutes 5

drp-ip <IP-address> <mask> vlan <vlan> gateway <gateway-IP-address>

Configures the IP address, net mask and VLAN, which will be used as source address and VLAN for RADIUS packets.

NOTE: Before configuring DRP IP address, ensure that dynamic RADIUS proxy is enabled, and a static Virtual Controller IP is configured.

ip <IP-address> Configures the IP address of the RADIUS server

key <key>

Configures a shared key communicating with the external RADIUS server.

nas-id <NAS-ID>

Configures Network Attached Storage (NAS) identifier strings for RADIUS attribute 32, which is sent with RADIUS requests to the RADIUS server.

nas-ip <IP-address>

Configures the Virtual Controller IP address as the NAS address which is sent in data packets.

port <port-name>

Configures the authorization port number of the external RADIUS server. 1812

retry-count <count>

Configures the maximum number of authentication requests that can be sent to the server group. 1-5 3

rfc3576

Allows the IAPs to process RFC 3576-compliant Change of Authorization (CoA) and disconnect messages from the RADIUS server. Disconnect messages cause a user session to be terminated immediately, whereas the CoA messages modify session authorization attributes such as data filters. Disabled

timeout <seconds>

Configures a timeout value in second to determine when a RADIUS request must expire.

The IAP retries to send the request several times (as configured in the Retry count), before the user gets disconnected. For example, if the Timeout is 5 seconds, Retry counter is 3, user is disconnected after 20 seconds.

1 to 30 seconds 5
no… Removes the configuration.

Usage Guidelines

Use this command to configure an external RADIUS server and a CPPM server as a RADIUS server for AirGroup Change of Authorization (CoA) requests.

Example

The following example configures the external RADIUS server parameters:

(Instant AP)(config)# wlan auth-server RADIUS1

(Instant AP)(Auth Server <RADIUS1>)# ip 192.0.0.5

(Instant AP)(Auth Server <RADIUS1>)# key SecretKey

(Instant AP)(Auth Server <RADIUS1>)# port 1812

(Instant AP)(Auth Server <RADIUS1>)# acctport 1813

(Instant AP)(Auth Server <RADIUS1>)# no nas-id

(Instant AP)(Auth Server <RADIUS1>)# no nas-ip

(Instant AP)(Auth Server <RADIUS1>)# drp-ip 192.0.2.11 255.255.255.255 vlan 200 gateway 192.0.2.15

(Instant AP)(Auth Server <RADIUS1>)# timeout 10

(Instant AP)(Auth Server <RADIUS1>)# retry-count 3

(Instant AP)(Auth Server <RADIUS1>)# end

(Instant AP)# commit apply

Command History

Version

Description

Aruba Instant 6.3.1.1-4.0 This command is modified.

Aruba Instant 6.2.1.0-3.3

This command is introduced.

Command Information

IAP Platform

Command Mode

All platforms

Configuration mode and authentication server profile sub-mode.