sportsboy
asked on
aruba wirless 2400
Dear Experts,
we have one aruba wireless contorller 2400 series in our network for wireless users.
the problem is this guest users connect to network without giving any password.
i want to configure password for wireless guest users so whenever they want to access wireless network they must prompt for password. the fallowing vlan 114 used for
wireless users. please see the configurations and suggest me how i can enable password on guest users.
interface vlan 112
ip address 10.112.64.5 255.255.252.0
ip helper-address 10.1.1.19
ip nat inside
!
interface vlan 113
ip address 10.113.64.5 255.255.252.0
ip helper-address 10.1.1.19
!
interface vlan 114
ip address 10.114.64.5 255.255.252.0
ip nat inside
!
interface vlan 115
ip address 10.115.64.5 255.255.252.0
!
ip default-gateway 10.115.64.1
wms
general poll-interval 60000
general poll-retries 2
general ap-ageout-interval 30
general sta-ageout-interval 30
general learn-ap disable
general persistent-known-interferi ng enable
general propagate-wired-macs enable
general stat-update enable
general collect-stats disable
!
no crypto isakmp psk-caching
no crypto-local isakmp permit-invalid-cert
localip 0.0.0.0 ipsec 9204408fcb62252b0794d46839 22de344fa4 1181b2bbe2 cf
crypto isakmp groupname changeme
crypto-local isakmp dpd idle-timeout 22 retry-timeout 2 retry-attempts 3
crypto-local isakmp xauth
vpdn group l2tp
ppp authentication PAP
!
ip dhcp excluded-address 10.115.64.1 10.115.64.30
ip dhcp pool ADmin_APs
default-router 10.115.64.6
dns-server 10.1.1.19
network 10.115.64.0 255.255.252.0
authoritative
!
ip dhcp pool VLAN112
default-router 10.112.64.5
network 10.112.64.0 255.255.252.0
authoritative
!
ip dhcp pool test
default-router 10.114.64.5
network 10.114.64.0 255.255.252.0
authoritative
!
service dhcp
vpdn group pptp
ppp authentication MSCHAPv2
!
mux-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
ssh mgmt-auth username/password
mgmt-user admin root b40338ce01617d573cd980e581 6ddb12dfc2 1a25b2d4d4 cbc9
no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country SA
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa authentication dot1x "MOCI"
termination enable
termination eap-type eap-peap
termination inner-eap-type eap-mschapv2
!
aaa authentication-server radius "MOCI"
host 10.1.1.121
key 92d1bb628fa758a9681e9586cd fcba5f6fbc 505ea9e0d5 e2
nas-identifier "Aruba-Master"
!
aaa authentication-server radius "nps"
host 10.1.1.121
key 8163481b2b6001c46abf197347 d89c30ee36 346eb88e62 4e
nas-identifier "Aruba-Master"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa server-group "MOCI-Radius"
auth-server nps
!
aaa profile "default"
!
aaa profile "default-dot1x"
authentication-dot1x "MOCI"
dot1x-server-group "MOCI-Radius"
!
aaa profile "default-dot1x-psk"
authentication-dot1x "default-psk"
!
aaa authentication captive-portal "default"
!
aaa authentication captive-portal "MOCI"
default-role "logon"
!
aaa authentication vpn
!
aaa authentication mgmt
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server
!
ap system-profile "Admin"
!
ap system-profile "default"
!
ap system-profile "Radio"
lms-ip 10.115.80.11
!
ap regulatory-domain-profile "default"
country-code SA
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap snmp-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profil e "default"
!
ids profile "default"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan ssid-profile "default"
!
wlan ssid-profile "Employee"
essid "Employee"
opmode wpa-tkip
wpa-passphrase 03c560292250ebe80ac3e6ecef 563f07cddb 0fdf45301d e9
!
wlan ssid-profile "Guest"
essid "Guest"
!
wlan ssid-profile "Voice"
essid "Voice"
opmode wpa-psk-tkip
wmm
wpa-passphrase fc2034fd88624a7b3b6c54d99b 885cc70f63 bc19957fde 9a
!
wlan virtual-ap "Admin"
ssid-profile "Employee"
vlan 112
aaa-profile "default-dot1x"
!
wlan virtual-ap "Admin_Employee"
ssid-profile "Employee"
vlan 102
aaa-profile "default-dot1x"
!
wlan virtual-ap "Admin_Guest"
ssid-profile "Guest"
vlan 114
!
wlan virtual-ap "Admin_Voice"
ssid-profile "Voice"
vlan 113
vlan-mobility
aaa-profile "default-dot1x-psk"
!
wlan virtual-ap "default"
!
wlan virtual-ap "Radio_Employee"
ssid-profile "Employee"
vlan 202
aaa-profile "default-dot1x"
!
wlan virtual-ap "Radio_Guest"
ssid-profile "Guest"
vlan 204
!
wlan virtual-ap "Radio_Voice"
ssid-profile "Voice"
vlan 203
vlan-mobility
aaa-profile "default-dot1x"
!
wlan traffic-management-profile "Admin_QOS"
bw-alloc virtual-ap "Admin_Voice" share 80
bw-alloc virtual-ap "default" share 20
shaping-policy fair-access
!
wlan traffic-management-profile "Radio_QOS"
bw-alloc virtual-ap "Radio_Voice" share 80
bw-alloc virtual-ap "default" share 20
shaping-policy fair-access
!
ap-group "Admin"
virtual-ap "Admin"
virtual-ap "Admin_Voice"
virtual-ap "Admin_Guest"
ap-system-profile "Admin"
dot11g-traffic-mgmt-profil e "Admin_QOS"
!
ap-group "default"
virtual-ap "default"
!
end
(MOCI-ADMIN) #
we have one aruba wireless contorller 2400 series in our network for wireless users.
the problem is this guest users connect to network without giving any password.
i want to configure password for wireless guest users so whenever they want to access wireless network they must prompt for password. the fallowing vlan 114 used for
wireless users. please see the configurations and suggest me how i can enable password on guest users.
interface vlan 112
ip address 10.112.64.5 255.255.252.0
ip helper-address 10.1.1.19
ip nat inside
!
interface vlan 113
ip address 10.113.64.5 255.255.252.0
ip helper-address 10.1.1.19
!
interface vlan 114
ip address 10.114.64.5 255.255.252.0
ip nat inside
!
interface vlan 115
ip address 10.115.64.5 255.255.252.0
!
ip default-gateway 10.115.64.1
wms
general poll-interval 60000
general poll-retries 2
general ap-ageout-interval 30
general sta-ageout-interval 30
general learn-ap disable
general persistent-known-interferi
general propagate-wired-macs enable
general stat-update enable
general collect-stats disable
!
no crypto isakmp psk-caching
no crypto-local isakmp permit-invalid-cert
localip 0.0.0.0 ipsec 9204408fcb62252b0794d46839
crypto isakmp groupname changeme
crypto-local isakmp dpd idle-timeout 22 retry-timeout 2 retry-attempts 3
crypto-local isakmp xauth
vpdn group l2tp
ppp authentication PAP
!
ip dhcp excluded-address 10.115.64.1 10.115.64.30
ip dhcp pool ADmin_APs
default-router 10.115.64.6
dns-server 10.1.1.19
network 10.115.64.0 255.255.252.0
authoritative
!
ip dhcp pool VLAN112
default-router 10.112.64.5
network 10.112.64.0 255.255.252.0
authoritative
!
ip dhcp pool test
default-router 10.114.64.5
network 10.114.64.0 255.255.252.0
authoritative
!
service dhcp
vpdn group pptp
ppp authentication MSCHAPv2
!
mux-address 0.0.0.0
adp discovery enable
adp igmp-join enable
adp igmp-vlan 0
ssh mgmt-auth username/password
mgmt-user admin root b40338ce01617d573cd980e581
no database synchronize
database synchronize rf-plan-data
ip mobile domain default
!
ip igmp
!
packet-capture-defaults tcp disable udp disable sysmsg disable other disable
!
ip domain lookup
!
country SA
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa authentication dot1x "MOCI"
termination enable
termination eap-type eap-peap
termination inner-eap-type eap-mschapv2
!
aaa authentication-server radius "MOCI"
host 10.1.1.121
key 92d1bb628fa758a9681e9586cd
nas-identifier "Aruba-Master"
!
aaa authentication-server radius "nps"
host 10.1.1.121
key 8163481b2b6001c46abf197347
nas-identifier "Aruba-Master"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa server-group "MOCI-Radius"
auth-server nps
!
aaa profile "default"
!
aaa profile "default-dot1x"
authentication-dot1x "MOCI"
dot1x-server-group "MOCI-Radius"
!
aaa profile "default-dot1x-psk"
authentication-dot1x "default-psk"
!
aaa authentication captive-portal "default"
!
aaa authentication captive-portal "MOCI"
default-role "logon"
!
aaa authentication vpn
!
aaa authentication mgmt
!
aaa authentication stateful-dot1x
!
aaa authentication wired
!
web-server
!
ap system-profile "Admin"
!
ap system-profile "default"
!
ap system-profile "Radio"
lms-ip 10.115.80.11
!
ap regulatory-domain-profile "default"
country-code SA
valid-11g-channel 1
valid-11g-channel 6
valid-11g-channel 11
valid-11a-channel 36
valid-11a-channel 40
valid-11a-channel 44
valid-11a-channel 48
valid-11a-channel 52
valid-11a-channel 56
valid-11a-channel 60
valid-11a-channel 64
valid-11a-channel 149
valid-11a-channel 153
valid-11a-channel 157
valid-11a-channel 161
!
ap wired-ap-profile "default"
!
ap enet-link-profile "default"
!
ap snmp-profile "default"
!
ids general-profile "default"
!
ids unauthorized-device-profil
!
ids profile "default"
!
rf arm-profile "default"
!
rf optimization-profile "default"
!
rf event-thresholds-profile "default"
!
rf dot11a-radio-profile "default"
!
rf dot11g-radio-profile "default"
!
wlan ht-ssid-profile "default"
!
wlan ssid-profile "default"
!
wlan ssid-profile "Employee"
essid "Employee"
opmode wpa-tkip
wpa-passphrase 03c560292250ebe80ac3e6ecef
!
wlan ssid-profile "Guest"
essid "Guest"
!
wlan ssid-profile "Voice"
essid "Voice"
opmode wpa-psk-tkip
wmm
wpa-passphrase fc2034fd88624a7b3b6c54d99b
!
wlan virtual-ap "Admin"
ssid-profile "Employee"
vlan 112
aaa-profile "default-dot1x"
!
wlan virtual-ap "Admin_Employee"
ssid-profile "Employee"
vlan 102
aaa-profile "default-dot1x"
!
wlan virtual-ap "Admin_Guest"
ssid-profile "Guest"
vlan 114
!
wlan virtual-ap "Admin_Voice"
ssid-profile "Voice"
vlan 113
vlan-mobility
aaa-profile "default-dot1x-psk"
!
wlan virtual-ap "default"
!
wlan virtual-ap "Radio_Employee"
ssid-profile "Employee"
vlan 202
aaa-profile "default-dot1x"
!
wlan virtual-ap "Radio_Guest"
ssid-profile "Guest"
vlan 204
!
wlan virtual-ap "Radio_Voice"
ssid-profile "Voice"
vlan 203
vlan-mobility
aaa-profile "default-dot1x"
!
wlan traffic-management-profile
bw-alloc virtual-ap "Admin_Voice" share 80
bw-alloc virtual-ap "default" share 20
shaping-policy fair-access
!
wlan traffic-management-profile
bw-alloc virtual-ap "Radio_Voice" share 80
bw-alloc virtual-ap "default" share 20
shaping-policy fair-access
!
ap-group "Admin"
virtual-ap "Admin"
virtual-ap "Admin_Voice"
virtual-ap "Admin_Guest"
ap-system-profile "Admin"
dot11g-traffic-mgmt-profil
!
ap-group "default"
virtual-ap "default"
!
end
(MOCI-ADMIN) #
ASKER
it give me the fallowing error after configuring your commands
(MOCI-ADMIN) (config) #wlan ssid-profile "Guest"
(MOCI-ADMIN) (SSID Profile "Guest") # essid "Guest"
(MOCI-ADMIN) (SSID Profile "Guest") # opmode wpa-psk-tkip
Error: opmode requires a pre-shared key. Either wpa-hexkey or wpa-passphrase must be set.
(MOCI-ADMIN) (config) #wlan ssid-profile "Guest"
(MOCI-ADMIN) (SSID Profile "Guest") # essid "Guest"
(MOCI-ADMIN) (SSID Profile "Guest") # opmode wpa-psk-tkip
Error: opmode requires a pre-shared key. Either wpa-hexkey or wpa-passphrase must be set.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Any luck with that?
you would need to add under the
wlan ssid-profile "Guest"
essid "Guest"
opmode wpa-psk-tkip
wpa-passphrase DEFINEAPASSPHRASEHERE
and that should do it.