technology solution guide - accuris... · in conducting the certification program aruba networks is...

Technology Solution Guide Deploying Accuris Networks AccuROAM Wi-Fi Offload Solution With Aruba Networks’ Secure

Mobility Solution

AccuROAM Software version 1500 – v8.1 iOS Client V1.0 Android Client V1.0 Aruba 3600 Access Controller AOS version 6.0 Aruba AP-105 Access Point

Deploying Accuris Networks Wi-Fi Offload Solution With Aruba Networks’ Secure Mobility Solution

1

WARRANTY DISCLAIMER

THE FOLLOWING DOCUMENT, AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON

AN "AS IS" BASIS. ARUBA MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR

GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR

COMPLETENESS OF THISDOCUMENT AND THE INFORMATION CONTAINED IN THIS DOCUMENT.

DISCLAIMER OF LIABILITY

Aruba Networks, Inc. disclaims liability for any personal injury, property or other damages of

any nature whatsoever, whether special, indirect, consequential or compensatory, directly or

indirectly resulting from the certification program or the acts or omissions of any company or

technology that has been certified by Aruba Networks.

Certification does not mean that the company is a subcontractor or under the technical control

or direction of Aruba Networks. In conducting the certification program Aruba Networks is not

undertaking to render professional or other services for or on behalf of any person or entity.


2

Table of Contents Introduction .................................................................................................................................................. 3

Solution Components ................................................................................................................................... 3

Accuris Networks Solution ........................................................................................................................ 3

Aruba WLAN Solution ............................................................................................................................... 4

Solution Qualification ................................................................................................................................... 4

Qualification Objective ............................................................................................................................. 4

Aruba Wireless LAN Settings .................................................................................................................... 5

Test Methodology .................................................................................................................................... 7

Conclusion ................................................................................................................................................ 8

Appendix 1 – Successful WISPr RADIUS exchange ...................................................................................... 10

Appendix 2 – Successful EAP-SIM RADIUS exchange .................................................................................. 12

Appendix 3 – Aruba Access Controller Configuration File .......................................................................... 22


3

Introduction This document describes the interoperability testing completed between Aruba’s wireless LAN (AOS

version. 6.0) infrastructure and Accuris Networks AccuROAM AAA server and the Accuris Networks

WISPr 1+ clients.

The document is intended to be used in conjunction with Aruba and Accuris Networks configuration

guides. Please contact the respective company’s sales engineering or support groups should additional

information be required.

Solution Verified: Accuris Networks AccuROAM server / handset clients

Aruba Product: Aruba WLAN Solution OS version 6.0– APs and ACs

Partner Solution Tested: Accuris Networks; AccuROAM Server Software version 1500-v8.1 Accuris Networks: WISPr 1+ clients: iOS Client – Software version 1.0 Android Client – Software version 1.0

Solution Components

Accuris Networks Solution The Accuris Networks Wi-Fi offload solution is designed to offer a seamless and secure handover from a

cellular network to an Aruba Wi-Fi network. The solution consists of two primary components:

AccuROAM Server;

Accuris Networks Handset client,

The AccuROAM server is required in all cases, while the clients are required only for WISPr based access

. The AccuROAM platform provides a suite of integrated functional components to support the following

services:

EAP-SIM/AKA/TLS, WiSPr 1.0, 1+, and WiSPr 2.0 authentication;

Location and presence;

Mobile service-continuity to end-users on the Aruba Wi-Fi including voice, messaging and supplementary services;

Tunneled data access to route data through the PDG while associated with the Aruba Wi-Fi network;

RADIUS-to- TAP conversion or file manipulation for reporting / data mining; and

Control of post-pay and prepaid service-access while on the Aruba Wi-Fi network.


4

Aruba WLAN Solution The focus of interoperability testing with Aruba Wi-Fi was to ensure support for EAP-SIM/EAP-AKA and

WISPr based access. AP-105 Access Points and a 3600 Mobility Controller were used for this purpose.

For EAP-SIM/AKA, the Mobility Controller handles the EAP protocol and packages it into RADIUS

messaging for further delivery to the mobile network to complete the authentication process. The

Mobility Controller inspects messages and sets routing based on identified REALM information.

For WISPr, the Mobility Controller offers the required WISPr details within the HTTP of the landing page

presented to the client for login. This allows a suitable smart client to detect the required WISPr support

on the network and complete the automated login process. The Mobility Controller also directs RADIUS

requests to the AccuROAM AAA server based on HTTP requests generated by the client.

Certified Product Summary

Manufacturer Accuris Networks

Products Certified Accuris Networks AccuROAM Wi-Fi offload solution

Hardware Model Numbers HP DL 380 G7

Software Version Numbers Release 1500-v8.1

Client Version Numbers iOS client – 1.0

Android client – 1.0

Features Tested

EAP Access EAP-SIM / EAP-AKA

WISPr Access WISPr 1 access – proprietary Accuris Networks WISPr client

CDR Generation RADUIS Accounting Record Generation and transfer

Solution Qualification

Qualification Objective

The objective of qualification testing was to validate the interoperability of the Accuris Networks

AccuROAM server and the Accuris Networks Wi-Fi offload clients with Aruba’s wireless LAN

infrastructure using both EAP and WISPs topologies. These are presents, respectively, in the following

two figures.


5

EAP Topology

WISPr Topology

Aruba Wireless LAN Settings

This section assumes that the user is familiar with Mobility Controller configuration and operation, as

well as RADIUS configuration and operation. For additional information on Aruba controller


6

configuration please refer to the Aruba OS User Guide and the Aruba WISPr Primer documents available

from support.arubanetworks.com.

The following instructions assume the presence of a fully operational Aruba wireless network, complete

with an operational captive portal, as a prerequisite to WISPr integration.

RADIUS Setting

Define the RADIUS servers. The authentication and accounting requests will be sent to the defined

servers from the Mobility Controller. The user account username/passwords are stored on these RADIUS

servers.

WISPr authentication profile configuration

Initial User Role

Apply the WISPr profile to the initial role of the SSID that the WISPr smart clients will access. This is

typically the same SSID that is used for standard captive portal users. The WISPr process does not

interfere with captive portal.

User-role preauth-wispr-user captive-portal <<name of the captive portal profile>> wispr <<wispr profile identifier>> access-list session logon-control access-list session captiveportal access-list session pre-authaccess !

aaa authentication wispr <<wispr profile identifier>> default-role “wispr authenticated role” server-group <<Servers used for WISPr>> wispr-location-id-socc “US” ((specify the location))

wispr-location-id-cc “1” wispr-location-id-ac “000” wispr-location-id-network <<Network id; ex Boingo hostspot>> wispr-location-name-operator-name <<Name of the operator>> !

aaa authentication-server radius <<radius server identifier>> host <<ip address of the radius server>> key <<shared key>> ! aaa server-group <<Servers used for WISPr>> allow-fail-through auth-server <<radius server identifier>> !


7

Certificates

Install the server certificate using the controller’s webUI and note the CN.

Refer to Appendix 3 for the Mobility Controller configuration used in the testing.

Accuris Networks Settings

The following Accuris Networks AccuROAM/client settings are recommended for use with the Mobility

Controller.

Accuris Networks Clients:

Client settings are automatically configured on client install – default settings are recommended

SMS destination number: 447624802789 AccuROAM settings

SIGTRAN Setup – e.214 address translation for mobile network IMSIs

RADIUS Setup – IP connection to AC. Shared Secret configured to accept RADIUS connection Realm configured to match Aruba and thus accept RADIUS requests

UDID’s for all test handsets

Test Methodology The following tests were conducted for EAP-SIM and non-EAP using both Apple iPhone and Google

Android based devices:

Download of WPA supplicant profile;

Detection of test access point;

Attachment to Wi-Fi access point;

Disconnection and reconnected to access point;

Web browsing and file download when attached.

All tests were successful concluded. The tables below summarize the test results by test case and client

device platform.

crypto-local pki ServerCert testcert <<CN>> web-server switch-cert testcert captive-portal-cert testcert !


8

Test Title Test Description Result

iPhone EAP-SIM TEST CASES

CAT-EAP-I-0001 Successful download of WPA supplicant profile to iPhone OK

CAT-EAP-I-0002 Successful detection of test access point OK

CAT-EAP-I-0003 Successful attachment to Wi-Fi access point * OK

CAT-EAP-I-0004 Successful disconnection and reconnected to Access Point OK

CAT-EAP-I-0005 Successful Web browsing and file download when attached OK

iPhone Non-EAP TEST CASES

CAT-WSP-I-0001 Successful download of client to the iPhone device OK

CAT-WSP-I-0002 Successful detection of test access point OK

CAT-WSP-I-0003 Successful attachment to Wi-Fi access point OK

CAT-WSP-I-0004 Successful disconnection and Reconnected to access point OK

CAT-WSP-I-0005 Successful Web browsing and file download when attached OK

Android Non-EAP TEST CASES – Samsung Galaxy

CAT-WSR-A-0001 Successful download of client on an Android device OK

CAT-WSR-A-0002 Successful detection of test access point OK

CAT-WSR-A-0003 Successful attachment to Wi-Fi access point OK

CAT-WSR-A-0004 Successful disconnection and reconnected to access point OK

CAT-WSR-A-0005 Successful Web browsing and file download when attached OK

* Attachment includes both full authentication back to the network AuC, and fast re-authentication as

detailed in RFC 4186/4187.

** Pseudonym Identity is also supported as detailed in RFC 4186/4187

Conclusion Testing confirmed the interoperability of Aruba’s wireless LAN (AOS version. 6.0) infrastructure and

Accuris Networks’ AccuROAM AAA server and WISPr 1+ clients. This solution enables service providers

to deploy a robust Wi-Fi offloading solution - leveraging Aruba’s best-in-class performance, scalability,


9

and security – with the confidence that connection, disconnection, and security features will be handled

appropriately.

© 2012 Aruba Networks, Inc. Aruba Networks’ trademarks include ®, Aruba Networks®, Aruba Wireless

Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®,

Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, and Green Island®. All

rights reserved. All other trademarks are the property of their respective owners. Specifications are

subject to change without notice.


10

Appendix 1 – Successful WISPr RADIUS exchange The WISPr attachment involves the following RADIUS sequence:

Access Request:


11

Access Accept:


12

Appendix 2 – Successful EAP-SIM RADIUS exchange The EAP-SIM attachment and accounting involves the following RADIUS sequence:

Access Request 1 – message 1:


13

Access Challenge 1 – message 2:


14



15

Access Challenge 2 – message 4:


16



17

Access Accept 1 – message 6:


18

Accounting Request 1 – message 7:


19

Accounting Response 1 - message 8:


20

Accounting Request 2 - message 9:


21

Accounting Response 2 – message 10:


22

Appendix 3 – Aruba Access Controller Configuration File version 6.0

hostname "Aruba3600-US"

clock timezone 0

location "Building1.floor1"

controller config 22

ip NAT pool dynamic-srcnat 0.0.0.0 0.0.0.0

ip access-list eth validuserethacl

permit any

!

netservice svc-netbios-dgm udp 138

netservice svc-snmp-trap udp 162

netservice svc-syslog udp 514

netservice svc-l2tp udp 1701

netservice svc-ike udp 500

netservice svc-smb-tcp tcp 445

netservice svc-dhcp udp 67 68 alg dhcp

netservice svc-https tcp 443

netservice svc-pptp tcp 1723

netservice svc-sec-papi udp 8209

netservice svc-sccp tcp 2000 alg sccp

netservice svc-http-accl tcp 88

netservice svc-telnet tcp 23

netservice svc-netbios-ssn tcp 139

netservice svc-sip-tcp tcp 5060

netservice svc-kerberos udp 88

netservice svc-tftp udp 69 alg tftp

netservice svc-http-proxy3 tcp 8888

netservice svc-noe udp 32512 alg noe

netservice svc-cfgm-tcp tcp 8211

netservice svc-adp udp 8200

netservice svc-pop3 tcp 110

netservice svc-lpd-tcp tcp 631

netservice svc-rtsp tcp 554 alg rtsp

netservice svc-msrpc-tcp tcp 135 139

netservice svc-dns udp 53 alg dns

netservice svc-h323-udp udp 1718 1719

netservice svc-h323-tcp tcp 1720

netservice svc-vocera udp 5002 alg vocera

netservice svc-http tcp 80


netservice svc-sip-udp udp 5060

netservice svc-nterm tcp 1026 1028

netservice svc-noe-oxo udp 5000 alg noe

netservice svc-papi udp 8211

netservice svc-natt udp 4500

netservice svc-ftp tcp 21 alg ftp

netservice svc-microsoft-ds tcp 445

netservice svc-svp 119 alg svp

netservice svc-smtp tcp 25

netservice svc-gre 47

netservice svc-netbios-ns udp 137

netservice svc-sips tcp 5061 alg sips

netservice svc-smb-udp udp 445


23

netservice svc-cups tcp 515

netservice svc-esp 50

netservice svc-v6-dhcp udp 546 547

netservice svc-snmp udp 161

netservice svc-bootp udp 67 69

netservice svc-msrpc-udp udp 135 139

netservice svc-ntp udp 123

netservice svc-icmp 1

netservice svc-ssh tcp 22

netservice svc-lpd-udp udp 631

netservice svc-v6-icmp 58


time-range night-hours periodic

weekday 18:01 to 23:59


!

time-range weekend periodic

weekend 00:00 to 23:59

!

time-range working-hours periodic


!

ip access-list session v6-icmp-acl

any any svc-vocera permit queue high

!

ip access-list session control

any any svc-natt permit

user any udp 68 deny

any any svc-icmp permit

any any svc-dns permit

any any svc-papi permit

any any svc-sec-papi permit

any any svc-cfgm-tcp permit

any any svc-adp permit

any any svc-tftp permit

any any svc-dhcp permit

!

ip access-list session allow-diskservices

any any svc-netbios-dgm permit

any any svc-netbios-ssn permit

any any svc-microsoft-ds permit

any any svc-netbios-ns permit

!

ip access-list session validuser

network 169.254.0.0 255.255.0.0 any any deny

any any any permit

ipv6 any any any permit

!

ip access-list session v6-https-acl


!

ip access-list session WISPr_Policy

!

ip access-list session v6-dhcp-acl

!

ip access-list session captiveportal


24

user alias controller svc-https dst-nat 8081

user any svc-http dst-nat 8080

user any svc-https dst-nat 8081

user any svc-http-proxy1 dst-nat 8088



!

ip access-list session allowall


any any any permit

any any svc-sip-udp permit queue high

any any svc-sip-tcp permit queue high

!

ip access-list session https-acl

any any svc-https permit

!

ip access-list session dns-acl






any host 172.16.0.253 svc-sip-udp permit queue high

any any svc-gre permit


!

ip access-list session ra-guard

!

ip access-list session logon-control








user alias controller svc-https dst-nat 8081

!

ip access-list session v6-allowall

!

ip access-list session tftp-acl

any any svc-tftp permit

!

ip access-list session skinny-acl

any any svc-sccp permit queue high

!

ip access-list session srcnat

user any any src-nat

!

ip access-list session vpnlogon

user any svc-ike permit

user any svc-esp permit

any any svc-l2tp permit

any any svc-pptp permit


!


25

ip access-list session captiveportal6

!

ip access-list session noe-acl

any any svc-noe permit queue high

!

ip access-list session ap-acl

any user svc-telnet permit

any any udp 5555 permit


any any svc-syslog permit

any user svc-snmp permit

user any svc-http permit

user any svc-http-accl permit

user any svc-smb-tcp permit

user any svc-msrpc-tcp permit

user any svc-snmp-trap permit

user any svc-ntp permit

user alias controller svc-ftp permit

any any svc-svp permit queue high

user host 224.0.1.116 any permit

!

ip access-list session AmigoPod-permit

!

ip access-list session v6-logon-control

!

ip access-list session h323-acl

any any svc-h323-tcp permit queue high

any any svc-h323-udp permit queue high

!

vpn-dialer default-dialer

ike authentication PRE-SHARE

a47508ceb01f70a316349683785eb9b6bf51469ac648f919

!

user-role ap-role

!

user-role wispr_user

wispr "WISPr_Auth"

access-list session logon-control

access-list session captiveportal

access-list session vpnlogon

access-list session v6-logon-control

access-list session allowall

!

user-role Accuris_WEP-guest-logon

captive-portal "Accuris_WEP-cp_prof"

wispr "WISPr_Auth"




!

user-role guest-logon

access-list session captiveportal6






26

!

user-role guest

vlan 1

access-list session validuser

!

user-role Accuris_OPEN-logon

wispr "WISPr_Auth"





!

user-role stateful-dot1x

!

user-role WISPr1APb-guest-logon






!

user-role Accuris_OPEN-guest-logon






!

user-role logon






!

!

controller-ip vlan 1

interface mgmt

shutdown

!

dialer group evdo_us

init-string ATQ0V1E0

dial-string ATDT#777

!

dialer group gsm_us

init-string AT+CGDCONT=1,"IP","ISP.CINGULAR"

dial-string ATD*99#

!

dialer group vivo_br

init-string AT+CGDCONT=1,"IP","zap.vivo.com.br"

dial-string ATD*99#

!


27

dialer group gsm_asia

init-string AT+CGDCONT=1,"IP","internet"

dial-string ATD*99***1#

!

vlan-name VLAN_1

vlan VLAN_1 1

no spanning-tree

interface gigabitethernet 1/0

description "GE1/0"

trusted

trusted vlan 1-4094

!


description "GE1/1"

trusted

trusted vlan 1-4094

!


description "GE1/2"

trusted

trusted vlan 1-4094

!


description "GE1/3"

trusted

trusted vlan 1-4094

!

interface vlan 1

ip address 172.16.0.254 255.255.255.0

!

ip default-gateway 172.16.0.1

uplink disable

ap mesh-recovery-profile cluster RecoveryMm2SC9h8xCeWzmVY wpa-hexkey

13355a2a9734446e94d13450f055559afc90fc3fa9bf67dc3f4e7a678d90b240ff3f3f639e61d

126762b8c402ba39fcd15c777ee8bacadb38a76c19e7816e4c8e44954022344b09715f033e225

c45b6b

wms

general poll-interval 60000

general poll-retries 3

general ap-ageout-interval 30

general adhoc-ap-ageout-interval 5

general sta-ageout-interval 30

general learn-ap disable


28

general persistent-neighbor enable

general propagate-wired-macs enable

general stat-update enable

general collect-stats disable

!

crypto ipsec transform-set default-boc-bm-transform esp-3des esp-sha-hmac

crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac

vpdn group l2tp

!

ip dhcp pool Accuris

default-router 172.16.0.1

dns-server 85.91.1.128 85.91.1.130

lease 3 0 0 0

network 172.16.0.0 255.255.255.0

authoritative

!

service dhcp

ip dhcp default-pool private

!

vpdn group pptp

!

mux-address 0.0.0.0

adp discovery enable

adp igmp-join enable

adp igmp-vlan 0

voice rtcp-inactivity disable

voice sip-midcall-req-timeout disable

ssh mgmt-auth username/password

mgmt-user admin root d42b905a011cdff8dc9b8d6ab13ce7be800609c23d0676d26c

no database synchronize

database synchronize rf-plan-data

ip mobile domain default

!

ip igmp

!

no firewall attack-rate cp 1024

!

firewall cp

!

firewall cp


29

packet-capture-defaults tcp disable udp disable sysmsg disable other disable

!

ip domain lookup

!

country US

aaa authentication mac "default"

!

aaa authentication dot1x "Accuris_OPEN-dot1x_prof"

!

aaa authentication dot1x "Accuris_WLAN-dot1x_prof"

!

aaa authentication dot1x "default"

!

aaa authentication dot1x "dot1x_prof-heg79"

!

aaa authentication-server radius "ianslinux"

host "10.50.1.62"

key 5843006372c6ac28550b63ce5f3852bd

authport 8300

acctport 8301

!

aaa server-group "Accuris"

auth-server ianslinux

!

aaa server-group "default"

auth-server ianslinux

auth-server Internal

!

aaa authentication via connection-profile "default"

!

aaa authentication via web-auth "default"

!

aaa authentication via global-config

!

aaa profile "Accuris_OPEN-aaa_prof"

initial-role "Accuris_WEP-guest-logon"

no devtype-classification

!

aaa profile "Accuris_WEP-aaa_prof"

initial-role "Accuris_WEP-guest-logon"

!

aaa profile "Accuris_WLAN-aaa_prof"

initial-role "wispr_user"

!

aaa profile "default"

!

aaa authentication captive-portal "Accuris_OPEN-cp_prof"

!

aaa authentication captive-portal "Accuris_WEP-cp_prof"

no user-logon

!

aaa authentication captive-portal "default"

!

aaa authentication captive-portal "WISPr1APb-cp_prof"

!

aaa authentication wispr "default"


30

!

aaa authentication wispr "WISPr_Auth"

default-role "wispr_user"

!

aaa authentication vpn "default"

!

aaa authentication mgmt

!

aaa authentication stateful-ntlm "default"

!

aaa authentication stateful-kerberos "default"

!

aaa authentication stateful-dot1x

default-role "wispr_user"

enable

!

aaa authentication via auth-profile "default"

!

aaa authentication wired

!

web-server

!

papi-security

!

guest-access-email

!

voice logging

!

voice dialplan-profile "default"

!

voice real-time-config

!

voice sip

!

aaa password-policy mgmt

!

control-plane-security

!

valid-network-oui-profile

!

ap system-profile "default"

!

ap regulatory-domain-profile "default"

country-code US

valid-11g-channel 1

valid-11g-channel 6

valid-11g-channel 11

valid-11a-channel 36










31

valid-11g-40mhz-channel-pair 1-5

valid-11g-40mhz-channel-pair 7-11

valid-11a-40mhz-channel-pair 36-40




!

ap wired-ap-profile "default"

!

ap enet-link-profile "default"

!

ap mesh-ht-ssid-profile "default"

!

ap mesh-cluster-profile "default"

!

ap wired-port-profile "default"

!

ap mesh-radio-profile "default"

!

ids general-profile "default"

!

ids unauthorized-device-profile "default"

!

ids profile "default"

!

rf arm-profile "default"

!

rf optimization-profile "default"

!

rf event-thresholds-profile "default"

!

rf am-scan-profile "default"

!

rf dot11a-radio-profile "default"

!

rf dot11g-radio-profile "default"

!

wlan dot11k-profile "default"

!

wlan voip-cac-profile "default"

!

wlan ht-ssid-profile "Accuris_OPEN-htssid_prof"

!

wlan ht-ssid-profile "Accuris_WEP-htssid_prof"

!

wlan ht-ssid-profile "Accuris_WLAN-htssid_prof"

!

wlan ht-ssid-profile "default"

!

wlan edca-parameters-profile station "default"

!

wlan edca-parameters-profile ap "default"

!

wlan ssid-profile "Accuris_OPEN-ssid_prof"

essid "WISPr1APb"

ht-ssid-profile "Accuris_OPEN-htssid_prof"


32

!

wlan ssid-profile "Accuris_WEP-ssid_prof"

essid "Accuris_WEP"

ht-ssid-profile "Accuris_WEP-htssid_prof"

!

wlan ssid-profile "Accuris_WLAN-ssid_prof"

essid "Accuris_WLAN"

ht-ssid-profile "Accuris_WLAN-htssid_prof"

!

wlan ssid-profile "default"

!

wlan virtual-ap "Accuris_OPEN-vap_prof"

aaa-profile "Accuris_OPEN-aaa_prof"

ssid-profile "Accuris_OPEN-ssid_prof"

vlan 1

no blacklist

band-steering

!

wlan virtual-ap "Accuris_WEP-vap_prof"

aaa-profile "Accuris_WEP-aaa_prof"

ssid-profile "Accuris_WEP-ssid_prof"

vlan 1

!

wlan virtual-ap "Accuris_WLAN-vap_prof"

aaa-profile "Accuris_WLAN-aaa_prof"

ssid-profile "Accuris_WLAN-ssid_prof"

vlan 1

no blacklist

band-steering

!

wlan virtual-ap "default"

!

ap provisioning-profile "default"

master set "172.16.0.254"

!

ap-group "default"

virtual-ap "Accuris_WLAN-vap_prof"

virtual-ap "Accuris_OPEN-vap_prof"

!

logging level debugging user-debug 00:13:ce:1a:b6:5b

logging level debugging user-debug 78:d6:f0:60:a4:a0

snmp-server enable trap

process monitor log

end

technology solution guide - accuris... · in conducting the certification program aruba networks is...

Documents