1 Management Authentication using Windows IAS as a Radius Server OVERVIEW: In this we are using Radius server Windows IAS as a backend server for the management authentication for the controller. When the user try to login into the controller the request will first go to the external radius server to validate. If the user entry is present in the Windows AD(Active Directory) the success authentication will happen and the user can login into the controller with the admin rights. We are using this technique as to provide more security within the network, i.e. only valid users those have a privilege can access the network device. Q: What are the settings I have to configure on the controller as well as on the radius server for successful management authentication and bypass the enable password? First of all we have to configure an external radius server (IAS). Please do the below steps to configure the radius server. Please navigate to Start -> Settings -> Control Panel -> Administrative Tools -> Internet Authentication Service ->click Right click on the Internet Authentication Service(local) and check whether the service is start or not. If not please start the service.
2 Right click on the Radius Clients and select New Radius Client. Specify any friendly name to the radius client and below mention the controller s IP address or Switch IP address. Click on next button. Specify the Shared Secret key in the below screen (in my case its ) and click the finish button.
3 Now create the remote policy, right click on the Remote Access Policies and select New Remote Access Policy the below screen will appears. Lick on the next button
4 Select the first option Use the wizard to set up and give some name to the remote policy e.g. Remote-Policy. Click on the next button Select the options based on the method used to gain access to the network. In our case I am using Wireless. Click on next button
5 Select the user or group in the below screen. In my scenario I am using the user instead of group. Click on the next button. Select the Protected EAP (PEAP) from the drop down menu and click on the next button.
6 Click on the finish button to save the changes. Right click on the Remote policy we have created just now and go to the properties.
7 The below window will open. Choose the Grant remote access permission option and click on Edit Profile Click on the Authentication tab and select the below authentication method that includes PAP and MSCHAP. Click on the Apply button to save the changes.
8 Click on the Advanced tab on the same window as above. Click on the add button
9 Choose the Vendor-Specific option and click on Add button. Click on the add button in the below window
10 Enter the vendor code as 14823(which is for Aruba) and choose the option Yes, It confirms. Click on Configure Attribute button
11 Specify the Vendor-assigned attribute number as 3 and attribute value as 7 and click on Ok button to save the changes. Click on Ok and apply buttons in all the windows as to save the changes. Also create a user entry in the active directory. After creating the user entry on the Windows Active directory, right click on the user and go to the properties. Select the Dial-in tab and choose the Allow access for the user and click on Ok button. The setting we have to configure on the Aruba controller or Switch.
12 FROM WEBUI: Please navigate to Configuration tab-> Under Security click on Authentication -> Select the Servers tab -> Click on RADIUS Server -> Specify any name e.g. Aruba -> add -> Apply Click on the Radius server you just created and specify the details like radius client ip address and the shared secret key -> Apply
13 Click on the Server Group under the same window and create a new server group e.g. Test-Server -> Add -> Apply Choose the Server Group you created above -> on the RHS click on new button choose the radius server from the drop down menu -> Add Server -> Apply
14 As to check whether the communication is happens between Aruba Controller and radius server. Go to Diagnostics tab -> AAA test server -> From the drop down menu select the radius server e.g. Aruba -> choose any authentication method PAP or MSCHAPv2-> Specify the username -> type the password -> Begin test If you will see the Authentication successful means communication happens between Aruba controller and Radius server. Please navigate to Configuration tab-> Under Management click on Administration -> On the RHS select the server group under Management Authentication Servers from the drop-down menu e.g. Test-Server-> Apply
15 Try to login into the controller with the user entry present on the Windows Active Directory e.g. in my case ram is the username. FROM CLI: (Aruba) #configure t Enter Configuration commands, one per line. End with CNTL/Z (Aruba) (config) #aaa authentication-server radius Aruba (Aruba) (RADIUS Server "Aruba") #enable (Aruba) (RADIUS Server "Aruba") #host (Aruba) (RADIUS Server "Aruba") #key (Aruba) (RADIUS Server "Aruba") #exit (Aruba) (config) #exit (Aruba) #aaa test-server pap Aruba ram Authentication successful (Aruba) #show aaa authentication-server all Auth Server Table Name Type IP addr AuthPort Status Inservice Requests Internal Local n/a Enabled Yes 0 Aruba Radius Enabled Yes 34 (Aruba) # User: ram
16 Password: ********* NOTICE NOTICE -- This switch has active licenses that will expire in 21 days NOTICE NOTICE -- See 'show license' for details. NOTICE (Aruba) #
Windows 2003 / Enhanced Configuring Internet Authentication Service on Microsoft Windows 2003 Server Introduction This technote describes how to setup the Internet Authentication service (IAS) on a Microsoft
NF3ADV VoIP Setup Guide (for TPG) Configuring your NF3ADV for TPG VoIP The following steps will take you through the process of setting up your VoIP connection. This guide assumes that the NF3ADV already
Installation / Backup \ Restore of a Coffalyser.Net server database using SQL management studio This document contains instructions how you can obtain a free copy of Microsoft SQL 2008 R2 and perform the
COX BUSINESS ONLINE BACKUP Quick start Guide www.cox.com Services and features not available in all areas and package options vary by market. Rates and speeds vary by market. Number of users and network
Enabling Integrated Windows Authentication For CitectSCADA Web Client Applies To: CitectSCADA 6.xx and 7.xx VijeoCitect 6.xx and 7.xx Summary: What is the difference between Basic Authentication and Windows
ARGUS Enterprise 10.6 5/29/2015 ARGUS Software An Altus Group Company for ARGUS Enterprise Version 10.6 5/29/2015 Published by: ARGUS Software, Inc. 3050 Post Oak Boulevard Suite 900 Houston, Texas 77056
USER CONFERENCE 2011 SAN FRANCISCO APRIL 26 29 Running MarkLogic in the Cloud DEVELOPER LOUNGE LAB Table of Contents UNIT 1: Lab description... 3 Pre-requisites:... 3 UNIT 2: Launching an instance on EC2...
Acronis Backup & Recovery 11 Quick Start Guide Applies to the following editions: Advanced Server Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server for Windows Workstation
Avigilon Control Center Server User Guide Version 4.10 PDF-SERVER-D-Rev1 Copyright 2011 Avigilon. All rights reserved. The information presented is subject to change without notice. No copying, distribution,
Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.
FLX VoIP Registering with Cisco UCM Date: May 15 th, 2012 This technical note gives a detailed description on how to register a Revolabs FLX conference phone with a Cisco Unified Communications Manager
Configuration Guide Lepide Exchange Recovery Manager Lepide Software Private Limited, All Rights Reserved This User Guide and documentation is copyright of Lepide Software Private Limited, with all rights
Diamond II v2.3 Service Pack 4 Installation Manual P/N 460987001B ISS 26APR11 Copyright Disclaimer Trademarks and patents Intended use Software license agreement FCC compliance Certification and compliance
INTRODUCTION... 2 Windows 7... 2 Windows 8... 7 Mac OS X... 11 Ubuntu... 15 Advanced routing... 18 Windows... 18 Mac OS X... 18 Ubuntu... 18 Updated: Juha Jokinen Page (1/18) INTRODUCTION This is a guide
SIP Trunking using the Optimum Business Sip Trunk Adaptor and the 3CX PBX v12.5 Table of Contents 1. Overview 3 2. Prerequisites 3 3. PBX Configuration 3 4. Creating Extensions 4 5. VoIP Provider Setup
I Table of Contents Part I Introduction 1 Part II Requirements 1 Part III Installation 2 1 Power... Adapter 3 2 Power... over Ethernet (PoE) 3 3 IP Address... 3 4 Factory... Settings 3 4 Part IV Registering
Cox Business Premium Online Backup USER'S GUIDE Cox Business VERSION 1.0 Table of Contents ABOUT THIS GUIDE... 4 DOWNLOADING COX BUSINESS PREMIUM ONLINE BACKUP... 5 INSTALLING COX BUSINESS PREMIUM ONLINE
ManageEngine IT360 (Division of ZOHO Corporation) ) www.manageengine.com/it360 ManageEngine IT360 Professional Edition Installation Guide [email@example.com] [This document is a guideline for installing
COMvantage Solutions Presents: Version 3.x Cloud based Document Management Guide to Setting up Docs2Manage using Cloud Services Docs2Manage Support: Email: firstname.lastname@example.org Phone: +1.847.690.9900
GE Measurement & Control Remote Comms System Installation and User Reference Guide Contents BENEFITS OF REMOTE COMMS SYSTEM... 1 HOW THE REMOTE COMMS SYSTEM WORKS... 3 COMPONENTS OF REMOTE COMMS SYSTEM...
UAG715 Support Note Revision 1.00 August, 2012 Written by CSO Scenario 1 - Trunk Interface (Dual WAN) Application Scenario The Internet has become an integral part of our lives; therefore, a smooth Internet
DEPLOYMENT GUIDE Version 1.2 Deploying the BIG-IP System v10 with Microsoft IIS 7.0 and 7.5 Table of Contents Table of Contents Deploying the BIG-IP system v10 with Microsoft IIS Prerequisites and configuration
Use QNAP NAS for Backup BACKUP EXEC 12.5 WITH QNAP NAS Copyright 2010. QNAP Systems, Inc. All Rights Reserved. V1.0 Document revision history: Date Version Changes Apr 2010 1.0 Initial release Note: Information
Using LifeSize systems with Microsoft Office Communications Server 2007 This technical note describes the steps to integrate a LifeSize video communications device with Microsoft Office Communication Server