Manualshelf

User's Manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-6000
331332333334335336337338339340
340 | Virtual Private Networks Dell Networking W-Series ArubaOS 6.4.x| User Guide
VPN Client RAP psk RAP certs CAP
External AAA server 1 LocalDB LocalDB-AP CPSEC-whitelist
External AAA server 1 External AAA server 1 Not supported CPSEC-whitelist
External AAA server 1 External AAA server 2 Not supported CPSEC-whitelist
LocalDB LocalDB LocalDB-AP CPSEC-whitelist
LocalDB External AAA server 1 Not supported CPSEC-whitelist
Table 58: Supported VPN AAA Deployments
Working with Certificate Groups
The certificate group feature allows you to access multiple types of certificates on the same controller. To
create a certificate group, use the following command:
(host) (config) #crypto-local isakmp certificate-group server-certificate server_certificate
ca-certificate ca_certificate
You can view existing certificate groups using:
show crypto-local isakmp certificate-group
Working with VPN Authentication Profiles
VPN Authentication profiles identify a user role for authenticated VPN clients, an authentication server, and the
server group to which the authentication server belongs. There are three predefined VPN authentication
profiles: default, default-rap and default-cap. These different profiles allow you to use different
authentication servers, user roles and IP pools for VPN, remote AP, and campus AP clients.
You can configure the default and default-rap profiles, but not the default-cap profile.
Parameter
Description
default default-rap default-cap
Default Role for
authenticated users
The role that will be
assigned to the authen-
ticated users.
default-vpn-
role
default-vpn-
role
sys-ap-role
0
Maximum allowed
authentication failures
The number of contiguous
authentication failures
before the station is black-
listed.
0 (feature is
disabled)
0 (feature is
disabled)
0 (feature is
disabled)
Check certificate common
name against AAA server
disabled enabled enabled
Export VPNIP address as
a route
When enabled, this
causes any VPN client
address to be exported to
enabled enabled enabled
Table 59: Predefined Authentication Profile settings