accuris partner solution guide
TRANSCRIPT
Technology Solution Guide Deploying Accuris Networks AccuROAM Wi-Fi Offload Solution With Aruba Networks’ Secure
Mobility Solution
AccuROAM Software version 1500 – v8.1 iOS Client V1.0 Android Client V1.0 Aruba 3600 Access Controller AOS version 6.0 Aruba AP-105 Access Point
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
1
WARRANTY DISCLAIMER
THE FOLLOWING DOCUMENT, AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON
AN "AS IS" BASIS. ARUBA MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR
GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR
COMPLETENESS OF THISDOCUMENT AND THE INFORMATION CONTAINED IN THIS DOCUMENT.
DISCLAIMER OF LIABILITY
Aruba Networks, Inc. disclaims liability for any personal injury, property or other damages of
any nature whatsoever, whether special, indirect, consequential or compensatory, directly or
indirectly resulting from the certification program or the acts or omissions of any company or
technology that has been certified by Aruba Networks.
Certification does not mean that the company is a subcontractor or under the technical control
or direction of Aruba Networks. In conducting the certification program Aruba Networks is not
undertaking to render professional or other services for or on behalf of any person or entity.
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
2
Table of Contents Introduction .................................................................................................................................................. 3
Solution Components ................................................................................................................................... 3
Accuris Networks Solution ........................................................................................................................ 3
Aruba WLAN Solution ............................................................................................................................... 4
Solution Qualification ................................................................................................................................... 4
Qualification Objective ............................................................................................................................. 4
Aruba Wireless LAN Settings .................................................................................................................... 5
Test Methodology .................................................................................................................................... 7
Conclusion ................................................................................................................................................ 8
Appendix 1 – Successful WISPr RADIUS exchange ...................................................................................... 10
Appendix 2 – Successful EAP-SIM RADIUS exchange .................................................................................. 12
Appendix 3 – Aruba Access Controller Configuration File .......................................................................... 22
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
3
Introduction This document describes the interoperability testing completed between Aruba’s wireless LAN (AOS
version. 6.0) infrastructure and Accuris Networks AccuROAM AAA server and the Accuris Networks
WISPr 1+ clients.
The document is intended to be used in conjunction with Aruba and Accuris Networks configuration
guides. Please contact the respective company’s sales engineering or support groups should additional
information be required.
Solution Verified: Accuris Networks AccuROAM server / handset clients
Aruba Product: Aruba WLAN Solution OS version 6.0– APs and ACs
Partner Solution Tested: Accuris Networks; AccuROAM Server Software version 1500-v8.1 Accuris Networks: WISPr 1+ clients: iOS Client – Software version 1.0 Android Client – Software version 1.0
Solution Components
Accuris Networks Solution The Accuris Networks Wi-Fi offload solution is designed to offer a seamless and secure handover from a
cellular network to an Aruba Wi-Fi network. The solution consists of two primary components:
AccuROAM Server;
Accuris Networks Handset client,
The AccuROAM server is required in all cases, while the clients are required only for WISPr based access
. The AccuROAM platform provides a suite of integrated functional components to support the following
services:
EAP-SIM/AKA/TLS, WiSPr 1.0, 1+, and WiSPr 2.0 authentication;
Location and presence;
Mobile service-continuity to end-users on the Aruba Wi-Fi including voice, messaging and supplementary services;
Tunneled data access to route data through the PDG while associated with the Aruba Wi-Fi network;
RADIUS-to- TAP conversion or file manipulation for reporting / data mining; and
Control of post-pay and prepaid service-access while on the Aruba Wi-Fi network.
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
4
Aruba WLAN Solution The focus of interoperability testing with Aruba Wi-Fi was to ensure support for EAP-SIM/EAP-AKA and
WISPr based access. AP-105 Access Points and a 3600 Mobility Controller were used for this purpose.
For EAP-SIM/AKA, the Mobility Controller handles the EAP protocol and packages it into RADIUS
messaging for further delivery to the mobile network to complete the authentication process. The
Mobility Controller inspects messages and sets routing based on identified REALM information.
For WISPr, the Mobility Controller offers the required WISPr details within the HTTP of the landing page
presented to the client for login. This allows a suitable smart client to detect the required WISPr support
on the network and complete the automated login process. The Mobility Controller also directs RADIUS
requests to the AccuROAM AAA server based on HTTP requests generated by the client.
Certified Product Summary
Manufacturer Accuris Networks
Products Certified Accuris Networks AccuROAM Wi-Fi offload solution
Hardware Model Numbers HP DL 380 G7
Software Version Numbers Release 1500-v8.1
Client Version Numbers iOS client – 1.0
Android client – 1.0
Features Tested
EAP Access EAP-SIM / EAP-AKA
WISPr Access WISPr 1 access – proprietary Accuris Networks WISPr client
CDR Generation RADUIS Accounting Record Generation and transfer
Solution Qualification
Qualification Objective
The objective of qualification testing was to validate the interoperability of the Accuris Networks
AccuROAM server and the Accuris Networks Wi-Fi offload clients with Aruba’s wireless LAN
infrastructure using both EAP and WISPs topologies. These are presents, respectively, in the following
two figures.
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
5
EAP Topology
WISPr Topology
Aruba Wireless LAN Settings
This section assumes that the user is familiar with Mobility Controller configuration and operation, as
well as RADIUS configuration and operation. For additional information on Aruba controller
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
6
configuration please refer to the Aruba OS User Guide and the Aruba WISPr Primer documents available
from support.arubanetworks.com.
The following instructions assume the presence of a fully operational Aruba wireless network, complete
with an operational captive portal, as a prerequisite to WISPr integration.
RADIUS Setting
Define the RADIUS servers. The authentication and accounting requests will be sent to the defined
servers from the Mobility Controller. The user account username/passwords are stored on these RADIUS
servers.
WISPr authentication profile configuration
Initial User Role
Apply the WISPr profile to the initial role of the SSID that the WISPr smart clients will access. This is
typically the same SSID that is used for standard captive portal users. The WISPr process does not
interfere with captive portal.
User-role preauth-wispr-user captive-portal <<name of the captive portal profile>> wispr <<wispr profile identifier>> access-list session logon-control access-list session captiveportal access-list session pre-authaccess !
aaa authentication wispr <<wispr profile identifier>> default-role “wispr authenticated role” server-group <<Servers used for WISPr>> wispr-location-id-socc “US” ((specify the location))
wispr-location-id-cc “1” wispr-location-id-ac “000” wispr-location-id-network <<Network id; ex Boingo hostspot>> wispr-location-name-operator-name <<Name of the operator>> !
aaa authentication-server radius <<radius server identifier>> host <<ip address of the radius server>> key <<shared key>> ! aaa server-group <<Servers used for WISPr>> allow-fail-through auth-server <<radius server identifier>> !
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
7
Certificates
Install the server certificate using the controller’s webUI and note the CN.
Refer to Appendix 3 for the Mobility Controller configuration used in the testing.
Accuris Networks Settings
The following Accuris Networks AccuROAM/client settings are recommended for use with the Mobility
Controller.
Accuris Networks Clients:
Client settings are automatically configured on client install – default settings are recommended
SMS destination number: 447624802789 AccuROAM settings
SIGTRAN Setup – e.214 address translation for mobile network IMSIs
RADIUS Setup – IP connection to AC. Shared Secret configured to accept RADIUS connection Realm configured to match Aruba and thus accept RADIUS requests
UDID’s for all test handsets
Test Methodology The following tests were conducted for EAP-SIM and non-EAP using both Apple iPhone and Google
Android based devices:
Download of WPA supplicant profile;
Detection of test access point;
Attachment to Wi-Fi access point;
Disconnection and reconnected to access point;
Web browsing and file download when attached.
All tests were successful concluded. The tables below summarize the test results by test case and client
device platform.
crypto-local pki ServerCert testcert <<CN>> web-server switch-cert testcert captive-portal-cert testcert !
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
8
Test Title Test Description Result
iPhone EAP-SIM TEST CASES
CAT-EAP-I-0001 Successful download of WPA supplicant profile to iPhone OK
CAT-EAP-I-0002 Successful detection of test access point OK
CAT-EAP-I-0003 Successful attachment to Wi-Fi access point * OK
CAT-EAP-I-0004 Successful disconnection and reconnected to Access Point OK
CAT-EAP-I-0005 Successful Web browsing and file download when attached OK
iPhone Non-EAP TEST CASES
CAT-WSP-I-0001 Successful download of client to the iPhone device OK
CAT-WSP-I-0002 Successful detection of test access point OK
CAT-WSP-I-0003 Successful attachment to Wi-Fi access point OK
CAT-WSP-I-0004 Successful disconnection and Reconnected to access point OK
CAT-WSP-I-0005 Successful Web browsing and file download when attached OK
Android Non-EAP TEST CASES – Samsung Galaxy
CAT-WSR-A-0001 Successful download of client on an Android device OK
CAT-WSR-A-0002 Successful detection of test access point OK
CAT-WSR-A-0003 Successful attachment to Wi-Fi access point OK
CAT-WSR-A-0004 Successful disconnection and reconnected to access point OK
CAT-WSR-A-0005 Successful Web browsing and file download when attached OK
* Attachment includes both full authentication back to the network AuC, and fast re-authentication as
detailed in RFC 4186/4187.
** Pseudonym Identity is also supported as detailed in RFC 4186/4187
Conclusion Testing confirmed the interoperability of Aruba’s wireless LAN (AOS version. 6.0) infrastructure and
Accuris Networks’ AccuROAM AAA server and WISPr 1+ clients. This solution enables service providers
to deploy a robust Wi-Fi offloading solution - leveraging Aruba’s best-in-class performance, scalability,
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
9
and security – with the confidence that connection, disconnection, and security features will be handled
appropriately.
© 2012 Aruba Networks, Inc. Aruba Networks’ trademarks include ®, Aruba Networks®, Aruba Wireless
Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®,
Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, and Green Island®. All
rights reserved. All other trademarks are the property of their respective owners. Specifications are
subject to change without notice.
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
10
Appendix 1 – Successful WISPr RADIUS exchange The WISPr attachment involves the following RADIUS sequence:
Access Request:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
11
Access Accept:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
12
Appendix 2 – Successful EAP-SIM RADIUS exchange The EAP-SIM attachment and accounting involves the following RADIUS sequence:
Access Request 1 – message 1:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
13
Access Challenge 1 – message 2:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
14
Access Request 2 – message 3:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
15
Access Challenge 2 – message 4:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
16
Access Request 3 – message 5:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
17
Access Accept 1 – message 6:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
18
Accounting Request 1 – message 7:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
19
Accounting Response 1 - message 8:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
20
Accounting Request 2 - message 9:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
21
Accounting Response 2 – message 10:
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
22
Appendix 3 – Aruba Access Controller Configuration File version 6.0
hostname "Aruba3600-US"
clock timezone 0
location "Building1.floor1"
controller config 22
ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0
ip access-list eth validuserethacl
permit any
!
netservice svc-netbios-dgm udp 138
netservice svc-snmp-trap udp 162
netservice svc-syslog udp 514
netservice svc-l2tp udp 1701
netservice svc-ike udp 500
netservice svc-smb-tcp tcp 445
netservice svc-dhcp udp 67 68 alg dhcp
netservice svc-https tcp 443
netservice svc-pptp tcp 1723
netservice svc-sec-papi udp 8209
netservice svc-sccp tcp 2000 alg sccp
netservice svc-http-accl tcp 88
netservice svc-telnet tcp 23
netservice svc-netbios-ssn tcp 139
netservice svc-sip-tcp tcp 5060
netservice svc-kerberos udp 88
netservice svc-tftp udp 69 alg tftp
netservice svc-http-proxy3 tcp 8888
netservice svc-noe udp 32512 alg noe
netservice svc-cfgm-tcp tcp 8211
netservice svc-adp udp 8200
netservice svc-pop3 tcp 110
netservice svc-lpd-tcp tcp 631
netservice svc-rtsp tcp 554 alg rtsp
netservice svc-msrpc-tcp tcp 135 139
netservice svc-dns udp 53 alg dns
netservice svc-h323-udp udp 1718 1719
netservice svc-h323-tcp tcp 1720
netservice svc-vocera udp 5002 alg vocera
netservice svc-http tcp 80
netservice svc-http-proxy2 tcp 8080
netservice svc-sip-udp udp 5060
netservice svc-nterm tcp 1026 1028
netservice svc-noe-oxo udp 5000 alg noe
netservice svc-papi udp 8211
netservice svc-natt udp 4500
netservice svc-ftp tcp 21 alg ftp
netservice svc-microsoft-ds tcp 445
netservice svc-svp 119 alg svp
netservice svc-smtp tcp 25
netservice svc-gre 47
netservice svc-netbios-ns udp 137
netservice svc-sips tcp 5061 alg sips
netservice svc-smb-udp udp 445
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
23
netservice svc-cups tcp 515
netservice svc-esp 50
netservice svc-v6-dhcp udp 546 547
netservice svc-snmp udp 161
netservice svc-bootp udp 67 69
netservice svc-msrpc-udp udp 135 139
netservice svc-ntp udp 123
netservice svc-icmp 1
netservice svc-ssh tcp 22
netservice svc-lpd-udp udp 631
netservice svc-v6-icmp 58
netservice svc-http-proxy1 tcp 3128
time-range night-hours periodic
weekday 18:01 to 23:59
weekday 00:00 to 07:59
!
time-range weekend periodic
weekend 00:00 to 23:59
!
time-range working-hours periodic
weekday 08:00 to 18:00
!
ip access-list session v6-icmp-acl
any any svc-vocera permit queue high
!
ip access-list session control
any any svc-natt permit
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-papi permit
any any svc-sec-papi permit
any any svc-cfgm-tcp permit
any any svc-adp permit
any any svc-tftp permit
any any svc-dhcp permit
!
ip access-list session allow-diskservices
any any svc-netbios-dgm permit
any any svc-netbios-ssn permit
any any svc-microsoft-ds permit
any any svc-netbios-ns permit
!
ip access-list session validuser
network 169.254.0.0 255.255.0.0 any any deny
any any any permit
ipv6 any any any permit
!
ip access-list session v6-https-acl
any any svc-icmp permit
!
ip access-list session WISPr_Policy
!
ip access-list session v6-dhcp-acl
!
ip access-list session captiveportal
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
24
user alias controller svc-https dst-nat 8081
user any svc-http dst-nat 8080
user any svc-https dst-nat 8081
user any svc-http-proxy1 dst-nat 8088
user any svc-http-proxy2 dst-nat 8088
user any svc-http-proxy3 dst-nat 8088
!
ip access-list session allowall
any any svc-icmp permit
any any any permit
any any svc-sip-udp permit queue high
any any svc-sip-tcp permit queue high
!
ip access-list session https-acl
any any svc-https permit
!
ip access-list session dns-acl
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
any host 172.16.0.253 svc-sip-udp permit queue high
any any svc-gre permit
any any svc-cfgm-tcp permit
!
ip access-list session ra-guard
!
ip access-list session logon-control
user any udp 68 deny
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
any any svc-gre permit
any any svc-cfgm-tcp permit
user alias controller svc-https dst-nat 8081
!
ip access-list session v6-allowall
!
ip access-list session tftp-acl
any any svc-tftp permit
!
ip access-list session skinny-acl
any any svc-sccp permit queue high
!
ip access-list session srcnat
user any any src-nat
!
ip access-list session vpnlogon
user any svc-ike permit
user any svc-esp permit
any any svc-l2tp permit
any any svc-pptp permit
any any svc-gre permit
!
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
25
ip access-list session captiveportal6
!
ip access-list session noe-acl
any any svc-noe permit queue high
!
ip access-list session ap-acl
any user svc-telnet permit
any any udp 5555 permit
any any svc-gre permit
any any svc-syslog permit
any user svc-snmp permit
user any svc-http permit
user any svc-http-accl permit
user any svc-smb-tcp permit
user any svc-msrpc-tcp permit
user any svc-snmp-trap permit
user any svc-ntp permit
user alias controller svc-ftp permit
any any svc-svp permit queue high
user host 224.0.1.116 any permit
!
ip access-list session AmigoPod-permit
!
ip access-list session v6-logon-control
!
ip access-list session h323-acl
any any svc-h323-tcp permit queue high
any any svc-h323-udp permit queue high
!
vpn-dialer default-dialer
ike authentication PRE-SHARE
a47508ceb01f70a316349683785eb9b6bf51469ac648f919
!
user-role ap-role
!
user-role wispr_user
wispr "WISPr_Auth"
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
access-list session allowall
!
user-role Accuris_WEP-guest-logon
captive-portal "Accuris_WEP-cp_prof"
wispr "WISPr_Auth"
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
!
user-role guest-logon
access-list session captiveportal6
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
26
!
user-role guest
vlan 1
access-list session validuser
!
user-role Accuris_OPEN-logon
wispr "WISPr_Auth"
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
!
user-role stateful-dot1x
!
user-role WISPr1APb-guest-logon
access-list session captiveportal6
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
!
user-role Accuris_OPEN-guest-logon
access-list session captiveportal6
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
!
user-role logon
access-list session captiveportal6
access-list session logon-control
access-list session captiveportal
access-list session vpnlogon
access-list session v6-logon-control
!
!
controller-ip vlan 1
interface mgmt
shutdown
!
dialer group evdo_us
init-string ATQ0V1E0
dial-string ATDT#777
!
dialer group gsm_us
init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"
dial-string ATD*99#
!
dialer group vivo_br
init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"
dial-string ATD*99#
!
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
27
dialer group gsm_asia
init-string AT+CGDCONT=1,"IP","internet"
dial-string ATD*99***1#
!
vlan-name VLAN_1
vlan VLAN_1 1
no spanning-tree
interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 1/1
description "GE1/1"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 1/2
description "GE1/2"
trusted
trusted vlan 1-4094
!
interface gigabitethernet 1/3
description "GE1/3"
trusted
trusted vlan 1-4094
!
interface vlan 1
ip address 172.16.0.254 255.255.255.0
!
ip default-gateway 172.16.0.1
uplink disable
ap mesh-recovery-profile cluster RecoveryMm2SC9h8xCeWzmVY wpa-hexkey
13355a2a9734446e94d13450f055559afc90fc3fa9bf67dc3f4e7a678d90b240ff3f3f639e61d
126762b8c402ba39fcd15c777ee8bacadb38a76c19e7816e4c8e44954022344b09715f033e225
c45b6b
wms
general poll-interval 60000
general poll-retries 3
general ap-ageout-interval 30
general adhoc-ap-ageout-interval 5
general sta-ageout-interval 30
general learn-ap disable
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
28
general persistent-neighbor enable
general propagate-wired-macs enable
general stat-update enable
general collect-stats disable
!
crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
vpdn group l2tp
!
ip dhcp pool Accuris
default-router 172.16.0.1
dns-server 85.91.1.128 85.91.1.130
lease 3 0 0 0
network 172.16.0.0 255.255.255.0
authoritative
!
service dhcp
ip dhcp default-pool private
!
vpdn group pptp
!
mux-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
voice rtcp-inactivity disable
voice sip-midcall-req-timeout disable
ssh mgmt-auth username/password
mgmt-user admin root d42b905a011cdff8dc9b8d6ab13ce7be800609c23d0676d26c
no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
no firewall attack-rate cp 1024
!
firewall cp
!
firewall cp
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
29
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country US
aaa authentication mac "default"
!
aaa authentication dot1x "Accuris_OPEN-dot1x_prof"
!
aaa authentication dot1x "Accuris_WLAN-dot1x_prof"
!
aaa authentication dot1x "default"
!
aaa authentication dot1x "dot1x_prof-heg79"
!
aaa authentication-server radius "ianslinux"
host "10.50.1.62"
key 5843006372c6ac28550b63ce5f3852bd
authport 8300
acctport 8301
!
aaa server-group "Accuris"
auth-server ianslinux
!
aaa server-group "default"
auth-server ianslinux
auth-server Internal
!
aaa authentication via connection-profile "default"
!
aaa authentication via web-auth "default"
!
aaa authentication via global-config
!
aaa profile "Accuris_OPEN-aaa_prof"
initial-role "Accuris_WEP-guest-logon"
no devtype-classification
!
aaa profile "Accuris_WEP-aaa_prof"
initial-role "Accuris_WEP-guest-logon"
!
aaa profile "Accuris_WLAN-aaa_prof"
initial-role "wispr_user"
!
aaa profile "default"
!
aaa authentication captive-portal "Accuris_OPEN-cp_prof"
!
aaa authentication captive-portal "Accuris_WEP-cp_prof"
no user-logon
!
aaa authentication captive-portal "default"
!
aaa authentication captive-portal "WISPr1APb-cp_prof"
!
aaa authentication wispr "default"
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
30
!
aaa authentication wispr "WISPr_Auth"
default-role "wispr_user"
!
aaa authentication vpn "default"
!
aaa authentication mgmt
!
aaa authentication stateful-ntlm "default"
!
aaa authentication stateful-kerberos "default"
!
aaa authentication stateful-dot1x
default-role "wispr_user"
enable
!
aaa authentication via auth-profile "default"
!
aaa authentication wired
!
web-server
!
papi-security
!
guest-access-email
!
voice logging
!
voice dialplan-profile "default"
!
voice real-time-config
!
voice sip
!
aaa password-policy mgmt
!
control-plane-security
!
valid-network-oui-profile
!
ap system-profile "default"
!
ap regulatory-domain-profile "default"
country-code US
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
valid-11a-channel 165
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
31
valid-11g-40mhz-channel-pair 1-5
valid-11g-40mhz-channel-pair 7-11
valid-11a-40mhz-channel-pair 36-40
valid-11a-40mhz-channel-pair 44-48
valid-11a-40mhz-channel-pair 149-153
valid-11a-40mhz-channel-pair 157-161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap mesh-ht-ssid-profile "default"
!
ap mesh-cluster-profile "default"
!
ap wired-port-profile "default"
!
ap mesh-radio-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf am-scan-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan dot11k-profile "default"
!
wlan voip-cac-profile "default"
!
wlan ht-ssid-profile "Accuris_OPEN-htssid_prof"
!
wlan ht-ssid-profile "Accuris_WEP-htssid_prof"
!
wlan ht-ssid-profile "Accuris_WLAN-htssid_prof"
!
wlan ht-ssid-profile "default"
!
wlan edca-parameters-profile station "default"
!
wlan edca-parameters-profile ap "default"
!
wlan ssid-profile "Accuris_OPEN-ssid_prof"
essid "WISPr1APb"
ht-ssid-profile "Accuris_OPEN-htssid_prof"
Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution
32
!
wlan ssid-profile "Accuris_WEP-ssid_prof"
essid "Accuris_WEP"
ht-ssid-profile "Accuris_WEP-htssid_prof"
!
wlan ssid-profile "Accuris_WLAN-ssid_prof"
essid "Accuris_WLAN"
ht-ssid-profile "Accuris_WLAN-htssid_prof"
!
wlan ssid-profile "default"
!
wlan virtual-ap "Accuris_OPEN-vap_prof"
aaa-profile "Accuris_OPEN-aaa_prof"
ssid-profile "Accuris_OPEN-ssid_prof"
vlan 1
no blacklist
band-steering
!
wlan virtual-ap "Accuris_WEP-vap_prof"
aaa-profile "Accuris_WEP-aaa_prof"
ssid-profile "Accuris_WEP-ssid_prof"
vlan 1
!
wlan virtual-ap "Accuris_WLAN-vap_prof"
aaa-profile "Accuris_WLAN-aaa_prof"
ssid-profile "Accuris_WLAN-ssid_prof"
vlan 1
no blacklist
band-steering
!
wlan virtual-ap "default"
!
ap provisioning-profile "default"
master set "172.16.0.254"
!
ap-group "default"
virtual-ap "Accuris_WLAN-vap_prof"
virtual-ap "Accuris_OPEN-vap_prof"
!
logging level debugging user-debug 00:13:ce:1a:b6:5b
logging level debugging user-debug 78:d6:f0:60:a4:a0
snmp-server enable trap
process monitor log
end