Aruba wireless 2400

sportsboy
Dear Experts,
We have one Aruba 2400 series wireless controller in our network for wireless users.
The problem is that guest users can connect to the network without entering any password.
I want to configure a password for wireless guest users so that they are prompted for it whenever they want to access the wireless network. VLAN 114 (below) is used for
wireless users. Please see the configuration and suggest how I can enable a password for guest users.
interface vlan 112
        ip address 10.112.64.5 255.255.252.0
        ip helper-address 10.1.1.19
        ip nat inside
!

interface vlan 113
        ip address 10.113.64.5 255.255.252.0
        ip helper-address 10.1.1.19
!

interface vlan 114
        ip address 10.114.64.5 255.255.252.0
        ip nat inside
!

interface vlan 115
        ip address 10.115.64.5 255.255.252.0
!

ip default-gateway 10.115.64.1

wms
 general poll-interval 60000
 general poll-retries 2
 general ap-ageout-interval 30
 general sta-ageout-interval 30
 general learn-ap disable
 general persistent-known-interfering enable
 general propagate-wired-macs enable
 general stat-update enable
 general collect-stats disable
!
no crypto isakmp psk-caching
no crypto-local isakmp permit-invalid-cert
localip 0.0.0.0 ipsec 9204408fcb62252b0794d4683922de344fa41181b2bbe2cf
crypto isakmp groupname changeme
crypto-local isakmp dpd idle-timeout 22 retry-timeout 2 retry-attempts 3
crypto-local isakmp xauth

vpdn group l2tp
  ppp authentication PAP
!

ip dhcp excluded-address 10.115.64.1 10.115.64.30
ip dhcp pool ADmin_APs
 default-router 10.115.64.6
 dns-server 10.1.1.19
 network 10.115.64.0 255.255.252.0
 authoritative
!
ip dhcp pool VLAN112
 default-router 10.112.64.5
 network 10.112.64.0 255.255.252.0
 authoritative
!
ip dhcp pool test
 default-router 10.114.64.5
 network 10.114.64.0 255.255.252.0
 authoritative
!
service dhcp

vpdn group pptp
  ppp authentication MSCHAPv2
!

mux-address 0.0.0.0

adp discovery enable
adp igmp-join enable
adp igmp-vlan 0



ssh mgmt-auth username/password
mgmt-user admin root b40338ce01617d573cd980e5816ddb12dfc21a25b2d4d4cbc9


no database synchronize
database synchronize rf-plan-data

ip mobile domain default
!

ip igmp
!

packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country SA
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa authentication dot1x "MOCI"
   termination enable
   termination eap-type eap-peap
   termination inner-eap-type eap-mschapv2
!
aaa authentication-server radius "MOCI"
   host 10.1.1.121
   key 92d1bb628fa758a9681e9586cdfcba5f6fbc505ea9e0d5e2
   nas-identifier "Aruba-Master"
!
aaa authentication-server radius "nps"
   host 10.1.1.121
   key 8163481b2b6001c46abf197347d89c30ee36346eb88e624e
   nas-identifier "Aruba-Master"
!
aaa server-group "default"
 auth-server Internal
 set role condition role value-of
!
aaa server-group "MOCI-Radius"
 auth-server nps
!
aaa profile "default"
!
aaa profile "default-dot1x"
   authentication-dot1x "MOCI"
   dot1x-server-group "MOCI-Radius"
!
aaa profile "default-dot1x-psk"
   authentication-dot1x "default-psk"
!
aaa authentication captive-portal "default"
!
aaa authentication captive-portal "MOCI"
   default-role "logon"
!
aaa authentication vpn
!
aaa authentication mgmt
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server
!
ap system-profile "Admin"
!
ap system-profile "default"
!
ap system-profile "Radio"
   lms-ip 10.115.80.11
!
ap regulatory-domain-profile "default"
   country-code SA
   valid-11g-channel 1
   valid-11g-channel 6
   valid-11g-channel 11
   valid-11a-channel 36
   valid-11a-channel 40
   valid-11a-channel 44
   valid-11a-channel 48
   valid-11a-channel 52
   valid-11a-channel 56
   valid-11a-channel 60
   valid-11a-channel 64
   valid-11a-channel 149
   valid-11a-channel 153
   valid-11a-channel 157
   valid-11a-channel 161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap snmp-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profile "default"
!
ids profile "default"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan ssid-profile "default"
!
wlan ssid-profile "Employee"
   essid "Employee"
   opmode wpa-tkip
   wpa-passphrase 03c560292250ebe80ac3e6ecef563f07cddb0fdf45301de9
!
wlan ssid-profile "Guest"
   essid "Guest"
!
wlan ssid-profile "Voice"
   essid "Voice"
   opmode wpa-psk-tkip
   wmm
   wpa-passphrase fc2034fd88624a7b3b6c54d99b885cc70f63bc19957fde9a
!
wlan virtual-ap "Admin"
   ssid-profile "Employee"
   vlan 112
   aaa-profile "default-dot1x"
!
wlan virtual-ap "Admin_Employee"
   ssid-profile "Employee"
   vlan 102
   aaa-profile "default-dot1x"
!
wlan virtual-ap "Admin_Guest"
   ssid-profile "Guest"
   vlan 114
!
wlan virtual-ap "Admin_Voice"
   ssid-profile "Voice"
   vlan 113
   vlan-mobility
   aaa-profile "default-dot1x-psk"
!
wlan virtual-ap "default"
!
wlan virtual-ap "Radio_Employee"
   ssid-profile "Employee"
   vlan 202
   aaa-profile "default-dot1x"
!
wlan virtual-ap "Radio_Guest"
   ssid-profile "Guest"
   vlan 204
!
wlan virtual-ap "Radio_Voice"
   ssid-profile "Voice"
   vlan 203
   vlan-mobility
   aaa-profile "default-dot1x"
!
wlan traffic-management-profile "Admin_QOS"
   bw-alloc virtual-ap "Admin_Voice" share 80
   bw-alloc virtual-ap "default" share 20
   shaping-policy fair-access
!
wlan traffic-management-profile "Radio_QOS"
   bw-alloc virtual-ap "Radio_Voice" share 80
   bw-alloc virtual-ap "default" share 20
   shaping-policy fair-access
!
ap-group "Admin"
   virtual-ap "Admin"
   virtual-ap "Admin_Voice"
   virtual-ap "Admin_Guest"
   ap-system-profile "Admin"
   dot11g-traffic-mgmt-profile "Admin_QOS"
!
ap-group "default"
   virtual-ap "default"
!

end

(MOCI-ADMIN) #

I would say the guest SSID is wide open in this config: the "Guest" ssid-profile has no opmode or passphrase set.

You would need to add the opmode and wpa-passphrase lines under the Guest SSID profile:
wlan ssid-profile "Guest"
   essid "Guest"
  opmode wpa-psk-tkip
  wpa-passphrase  DEFINEAPASSPHRASEHERE

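and that should do it. TKIP is deprecated, though, so if your guest clients support it, opmode wpa2-psk-aes is the better choice.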
 

Author

Commented:
It gives me the following error after entering your commands:

(MOCI-ADMIN) (config) #wlan ssid-profile "Guest"
(MOCI-ADMIN) (SSID Profile "Guest") #   essid "Guest"
(MOCI-ADMIN) (SSID Profile "Guest") #  opmode wpa-psk-tkip
Error: opmode requires a pre-shared key. Either wpa-hexkey or wpa-passphrase must be set.
Try setting the passphrase before entering the opmode command. Enter them in this order:

wpa-passphrase ++++++++
opmode wpa-psk-tkip
Any luck with that?
