Dell 6.2 Server User Manual


 
- ECDSA for digital signatures, including support for X.509v3 certificates using ECDSA keys with p256/p384 curves
- ECDH for key agreement using p256/p384 curves
- SHA-256 and SHA-384 for message digests
NOTE: Suite B support requires a controller running Dell PowerConnect W-Series ArubaOS 6.2 or greater with the Advanced
Cryptography License installed. See "Software Licenses" on page 100 for more information on licenses.
802.11 Suite-B
The bSec protocol is a pre-standard protocol that has been proposed to the IEEE 802.11 committee as an
alternative to 802.11i. The main difference between bSec and standard 802.11i is that bSec implements Suite B
algorithms wherever possible. Notably, AES-CCM is replaced by AES-GCM, and the Key Derivation Function
(KDF) of 802.11i is upgraded to support SHA-256 and SHA-384. In order to provide interoperability with standard
Wi-Fi software drivers, bSec is implemented as a shim layer between standard 802.11 Wi-Fi and a Layer 3 protocol
such as IP. A controller configured to advertise a bSec SSID will advertise an open network; however, only bSec
frames will be permitted on the network.
The bSec protocol requires that you use VIA 2.1 or greater on the client device.
Configuring VIA Settings
The following steps are required to configure your controller for VIA. These steps are described in detail in the
subsections that follow.
1. Enable VPN Server Module—ArubaOS allows you to connect to the VIA controller using the default user roles.
However, to configure and assign specific user roles you must install the Policy Enforcement Firewall Virtual
Private Network (PEFV) license. For details, see "Enable VPN Server Module" on page 556.
2. Create VIA User Roles—VIA user roles contain access control policies for users connecting to your network using
VIA. You can configure different VIA roles or use the default VIA role—default-via-role. For details, see
"Create VIA User Roles" on page 556.
3. Create VIA Authentication Profile—A VIA authentication profile contains a server group for authenticating VIA
users. The server group contains the list of authentication servers and server rules to derive user roles based on the
user authentication. You can configure multiple VIA authentication profiles and/or use the default VIA
authentication profile created with Internal server group. For details, see "Create VIA Authentication Profile" on
page 556.
4. Create VIA Connection Profile—A VIA connection profile contains settings required by VIA to establish a
secure connection to the controller. You can configure multiple VIA connection profiles. A VIA connection
profile is always associated to a user role and all users belonging to that role will use the configured settings. If
you do not assign a VIA connection profile to a user role, the default connection profile is used. For details, see
"Create VIA Connection Profile" on page 557.
5. Configure VIA Web Authentication—A VIA web authentication profile contains an ordered list of VIA
authentication profiles. The web authentication profile is used by end users to log in to the VIA download page
(https://<server-IP-address>/via) for downloading the VIA client. Only one VIA web authentication profile is
available. If more than one VIA authentication profile is configured, users can view this list and select one during
the client login. For details, see "Configure VIA Web Authentication" on page 561.
6. Associate VIA Connection Profile to User Role—A VIA connection profile has to be associated to a user role.
Users log in by authenticating against the server group specified in the VIA authentication profile and are put
into that user role. The VIA configuration settings are derived from the VIA connection profile attached to that
user role. If no connection profile is attached to the role, the default connection profile is used. For details, see
"Associate VIA Connection Profile to User Role" on page 562.
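Steps 4 and 6 mean that a user role with no VIA connection profile attached uses the default one. The following added example (not taken from the manual) resolves each web authentication entry to its role and connection profile and flags fallbacks and dangling references. The stanza layout, the `default-role` field and the name `default` for the default connection profile are assumptions.

```python
# Constructed sample; the stanza layout is an assumption modelled on ArubaOS-style CLI.
SAMPLE = """\
aaa authentication via auth-profile "corp"
   default-role "via-employee"
aaa authentication via auth-profile "contractor"
   default-role "via-contractor"
aaa authentication via connection-profile "corp-conn"
aaa authentication via web-auth "default"
   auth-profile "contractor" position 1
   auth-profile "corp" position 0
   auth-profile "legacy" position 2
user-role via-employee
   via "corp-conn"
user-role via-contractor
"""
AUTH = "aaa authentication via auth-profile"
CONN = "aaa authentication via connection-profile"
DEFAULT_CONN = "default"  # assumed name of the default connection profile

def parse(text):
    """Return {(stanza kind, name): [body lines split into words]}."""
    stanzas, body = {}, None
    for line in text.replace('"', "").splitlines():
        if line.strip() in ("", "!"):
            continue
        words = line.split()
        if not line[0].isspace():      # unindented line starts a new stanza
            body = stanzas.setdefault((" ".join(words[:-1]), words[-1]), [])
        elif body is not None:         # indented line belongs to the open stanza
            body.append(words)
    return stanzas

def audit(text):
    """Resolve each web-auth entry, in list order, to role and connection profile."""
    st = parse(text)
    def attr(key, field):
        return next((w[1] for w in st.get(key, []) if w[0] == field), None)
    entries = [w for (kind, _), b in st.items() if kind.endswith("web-auth") for w in b]
    rows = []
    for _kw, ap, _p, _n in sorted(entries, key=lambda w: int(w[3])):
        role = attr((AUTH, ap), "default-role")
        conn = attr(("user-role", role), "via")
        if (AUTH, ap) not in st:
            rows.append((ap, None, None, "undefined auth profile"))
        elif conn is None:
            rows.append((ap, role, DEFAULT_CONN, "falls back to default profile"))
        else:
            state = "ok" if (CONN, conn) in st else "undefined connection profile"
            rows.append((ap, role, conn, state))
    return rows
```
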
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide    Virtual Intranet Access | 555