Cloud Authentication and Policy for Branch Gateways
Cloud Authentication and Policy supports wired authentication for clients connecting to Branch Gateways. Cloud Authentication and Policy can be enabled to perform 802.1X, MAC, or Cloud Guest authentication.
Configuring Cloud Authentication and Policy Using 802.1X or MAC Authentication
- In the WebUI, set the filter to a Branch Gateway group.
The dashboard context for the group is displayed.
- Under Manage, click Devices, and then click Gateways.
A list of gateways is displayed in the List view.
- Click Config.
The configuration page is displayed for the selected group.
- Ensure you are in the .
- Click > .
- Click the + icon to add a user role in the table.
- Click the + icon in the table. The Role Assignment pop-up appears.
- Select a VLAN ID from the drop-down list to which this role must be applied.
- Select a role from the drop-down list. This role is the default user role that is assigned to the clients connecting through this VLAN.
- From the Authentication drop-down, select one of the following options:
- Corporate Authentication: choose this for the Dot1x and MAC authentication types.
- Cloud Guest: choose this for the captive portal (via splash page) based authentication type.
- Select the from the drop-down list.
- Select one of the following authentication modes:
- —Select this check box to ensure that the Gateway ports configured under this VLAN are enabled to perform MAC Authentication. Based on the authentication status (Success or Failure), appropriate roles (server provided, default, or initial role) are applied.
- —Select this check box to ensure that the Gateway ports configured under this VLAN are enabled to perform 802.1X Authentication. Based on the authentication status (Success or Failure), appropriate roles (server provided, default, or initial role) are applied. You can also enable MAC authentication to allow clients to complete 802.1X authentication when MAC authentication fails and vice-versa.
- Enable the Cloud Auth toggle switch.
This creates the Cloud Authentication and Policy server and assigns it to its server group. These servers are mapped in the AAA profiles and used for authentication based on the authentication type (MAC or 802.1X) set in the role assignment profile.
- Click Save in the Role Assignment window and click Save Settings.
The settings are saved.