Versions Compared

Old Version 2

changes.mady.by.user Shirly Tsang

Saved on

compared with

New Version Current

changes.mady.by.user Gary Leicht

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

You start by creating an IP space you use to associate with an on-prem a host that has the Access Authentication service enabled. You then configure address blocks or subnets in the IP space and tag the address scopes with the predefined tag of “IB_Onprem_AuthN” and provide either “Exclude” or “Include” as the key value. You can then go to the on-prem host with which you have associated the IP space, so you can configure authentication modes for the address scopes you created.

To configure authentication modes, complete the following:

  1. From the

...

  1. Infoblox Portal, go to

...

  1. Configure > Networking > IPAM/DHCP.

  2. On the Address Spaces page, click Create > IP Space to create an IP space to which you add address blocks or subnets, as described in Configuring IP

...

  1. Space.

  2. On the Address Spaces page, click Create > Address Blocks or Create > Subnets to add an address scope to the newly created IP space, as described in Creating Subnets. Ensure that you do the following when creating an address block or subnet:

    • Choose the IP space you just created.

    • Choose the

...

    • host you want to associate with the IP space. Ensure that the

...

    • host has the Access Authentication service enabled.

...

    • Add the “IB_Onprem_AuthN” key tag and enter “Exclude” as the key value if you want to exclude from the address block from authentication or enter “Include” to include the address scope for authentication. For information, see Managing Tags.

  2. After you have successfully created the IP space and address scopes, go to Manage

...

  1. >Infrastructure > Services.

  2. Choose an existing Access Authentication service you want to add an authentication mode, and then click

...

  1. Edit.

  2. In the

...

  1. Edit Access Authentication

...

  1. wizard, scroll down and choose the address scope from the table, and then complete the following.

...

    • Tagged Authentication Mode

...

    • : Choose one of the following mode for the chosen address block:  

      • Disabled: The tagged authentication control is

...

      • disabled. All clients must be authenticated. 

      • Exclusions: Clients from the address scopes tagged for exclusion will bypass authentication. Other clients outside of the address scopes must be authenticated. 

      • Inclusions: Clients from the address scopes tagged for inclusion must be authenticated. Other clients will bypass authentication.

      • Both: Clients from the address scopes tagged for inclusion and clients from untagged address scopes must be authenticated. Clients from the scopes tagged for exclusion will bypass authentication. 

  2. Click Save & Close.