Management Authentication using Windows IAS as a Radius Server




OVERVIEW:

This document uses Windows IAS (Internet Authentication Service) as the back-end RADIUS server for management authentication on the controller. When a user tries to log in to the controller, the request first goes to the external RADIUS server for validation. If the user entry is present in Windows AD (Active Directory), authentication succeeds and the user can log in to the controller with admin rights. We use this technique to provide more security within the network, i.e. only valid users who have the privilege can access the network device.

Q: What settings do I have to configure on the controller and on the RADIUS server for successful management authentication that bypasses the enable password?

First, configure the external RADIUS server (IAS) using the steps below.

Navigate to Start -> Settings -> Control Panel -> Administrative Tools -> Internet Authentication Service. Right-click Internet Authentication Service (Local) and check whether the service is started. If it is not, start the service.

Right-click RADIUS Clients and select New RADIUS Client. Specify a friendly name for the RADIUS client and, below it, enter the controller's IP address or the switch's IP address. Click the Next button. Specify the shared secret key on the next screen (in my case it is aruba@123) and click the Finish button.

Now create the remote policy: right-click Remote Access Policies and select New Remote Access Policy. The wizard screen appears. Click the Next button.

Select the first option, Use the wizard to set up, and give the remote policy a name, e.g. Remote-Policy. Click the Next button. Select the option that matches the method used to gain access to the network; in our case I am using Wireless. Click the Next button.

Select the user or group on the next screen; in my scenario I am using a user instead of a group. Click the Next button. Select Protected EAP (PEAP) from the drop-down menu and click the Next button.

Click the Finish button to save the changes. Right-click the remote policy you just created and go to Properties.

The properties window opens. Choose the Grant remote access permission option and click Edit Profile. Click the Authentication tab and select the authentication methods, which include PAP and MSCHAP. Click the Apply button to save the changes.

Click the Advanced tab in the same window. Click the Add button.

Choose the Vendor-Specific option and click the Add button. Click the Add button in the window that opens.

Enter the vendor code as 14823 (which is for Aruba) and choose the option Yes, it conforms. Click the Configure Attribute button.

Specify the vendor-assigned attribute number as 3 and the attribute value as 7, and click the OK button to save the changes. Click OK and Apply in all the windows to save the changes.

Also create a user entry in Active Directory. After creating the user entry in Windows Active Directory, right-click the user and go to Properties. Select the Dial-in tab, choose Allow access for the user, and click the OK button.

Next are the settings to configure on the Aruba controller or switch.

FROM WEBUI:

Navigate to the Configuration tab -> under Security click Authentication -> select the Servers tab -> click RADIUS Server -> specify any name, e.g. Aruba -> Add -> Apply. Click the RADIUS server you just created and specify the details such as the radius client IP address and the shared secret key -> Apply.

Click Server Group in the same window and create a new server group, e.g. Test-Server -> Add -> Apply. Choose the server group you created above -> on the right-hand side click the New button -> choose the RADIUS server from the drop-down menu -> Add Server -> Apply.

To check whether the Aruba controller and the RADIUS server can communicate, go to the Diagnostics tab -> AAA Test Server -> from the drop-down menu select the RADIUS server, e.g. Aruba -> choose an authentication method, PAP or MSCHAPv2 -> specify the username -> type the password -> Begin Test. If you see Authentication successful, communication between the Aruba controller and the RADIUS server is working.

Navigate to the Configuration tab -> under Management click Administration -> on the right-hand side select the server group, e.g. Test-Server, from the drop-down menu under Management Authentication Servers -> Apply.

Try to log in to the controller with the user entry present in Windows Active Directory; in my case ram is the username.

FROM CLI:

    (Aruba) #configure t
    Enter Configuration commands, one per line. End with CNTL/Z
    (Aruba) (config) #aaa authentication-server radius Aruba
    (Aruba) (RADIUS Server "Aruba") #enable
    (Aruba) (RADIUS Server "Aruba") #host 10.130.226.10
    (Aruba) (RADIUS Server "Aruba") #key aruba@123
    (Aruba) (RADIUS Server "Aruba") #exit
    (Aruba) (config) #exit
    (Aruba) #aaa test-server pap Aruba ram aruba@123
    Authentication successful
    (Aruba) #show aaa authentication-server all

    Auth Server Table
    -----------------
    Name      Type    IP addr        AuthPort  Status   Inservice  Requests
    ----      ----    -------        --------  ------   ---------  --------
    Internal  Local   10.130.226.4   n/a       Enabled  Yes        0
    Aruba     Radius  10.130.226.10  1812      Enabled  Yes        34
    (Aruba) #

    User: ram
    Password: *********

    NOTICE
    NOTICE -- This switch has active licenses that will expire in 21 days
    NOTICE
    NOTICE -- See 'show license' for details.
    NOTICE

    (Aruba) #
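The vendor-specific attribute entered in the IAS profile above (vendor code 14823, attribute number 3, value 7) is encoded and checked below as it would appear in the attribute section of the RADIUS reply. This is an added example, not part of the original document or Aruba's code; it assumes the RFC 2865 sub-format chosen by the conforms option and a 32-bit integer value, and the function names and sample bytes are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26            # RADIUS attribute type 26 (RFC 2865, section 5.26)
ARUBA_VENDOR_ID = 14823         # vendor code entered in the IAS dialog
MGMT_ATTR, MGMT_VALUE = 3, 7    # vendor-assigned attribute number and value from the page


def build_vsa(vendor_id, vendor_type, value):
    """Encode one VSA in the RFC-conformant sub-format; 32-bit value is an assumption."""
    sub = struct.pack("!BBI", vendor_type, 6, value)   # vendor type, vendor length, value
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(sub), vendor_id) + sub


def parse_vsas(attrs):
    """Yield (vendor_id, vendor_type, data) for each VSA sub-attribute in an attribute list."""
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError(f"bad length {a_len} for attribute {a_type}")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC:
            continue
        if len(body) < 4:
            raise ValueError("VSA shorter than its Vendor-Id field")
        vendor_id = struct.unpack("!I", body[:4])[0]
        sub, i = body[4:], 0
        while i < len(sub):
            if len(sub) - i < 2 or sub[i + 1] < 2 or i + sub[i + 1] > len(sub):
                raise ValueError("malformed vendor sub-attribute")
            yield vendor_id, sub[i], sub[i + 2:i + sub[i + 1]]
            i += sub[i + 1]


def has_mgmt_vsa(attrs):
    """True if the attribute list carries the VSA configured on the page (14823 / 3 / 7)."""
    want = struct.pack("!I", MGMT_VALUE)
    return any(v == ARUBA_VENDOR_ID and t == MGMT_ATTR and d == want
               for v, t, d in parse_vsas(attrs))


# Constructed samples (not a real capture): attribute sections of two Access-Accepts.
SERVICE_TYPE_ONLY = bytes([6, 6, 0, 0, 0, 6])
WITH_VSA = SERVICE_TYPE_ONLY + build_vsa(ARUBA_VENDOR_ID, MGMT_ATTR, MGMT_VALUE)
if __name__ == "__main__":
    print(has_mgmt_vsa(WITH_VSA), has_mgmt_vsa(SERVICE_TYPE_ONLY))
```

Comparing the Vendor-Specific attribute in a packet capture of the server's reply against these bytes helps separate a profile misconfiguration from an authentication failure.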