Dell 6.2 Server User Manual


 
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide 802.1X Authentication | 192
Chapter 14
802.1X Authentication
802.1X is an Institute of Electrical and Electronics Engineers (IEEE) standard that provides an authentication
framework for WLANs. 802.1x uses the Extensible Authentication Protocol (EAP) to exchange messages during the
authentication process. The authentication protocols that operate inside the 802.1X framework that are suitable for
wireless networks include EAP-Transport Layer Security (EAP-TLS), Protected EAP (PEAP), and EAP-Tunneled
TLS (EAP-TTLS). These protocols allow the network to authenticate the client while also allowing the client to
authenticate the network.
This chapter describes the following topics:
• "Understanding 802.1X Authentication" on page 192
• "Configuring 802.1X Authentication" on page 195
• "Sample Configurations" on page 204
• "Performing Advanced Configuration Options for 802.1X" on page 220
Other types of authentication not discussed in this section can be found in the following sections of this guide:
• Captive portal authentication: "Configuring Captive Portal Authentication Profiles" on page 246
• VPN authentication: "Planning a VPN Configuration" on page 271
• MAC authentication: "Configuring MAC-Based Authentication" on page 189
• Stateful 802.1x, stateful NTLM, and WISPr authentication: "Stateful and WISPr Authentication" on page 221
Understanding 802.1X Authentication
802.1x authentication consists of three components:
• The supplicant, or client, is the device attempting to gain access to the network. You can configure the Dell user-centric network to support 802.1x authentication for wired users as well as wireless users.
• The authenticator is the gatekeeper to the network and permits or denies access to the supplicants. The Dell controller acts as the authenticator, relaying information between the authentication server and supplicant. The EAP type must be consistent between the authentication server and supplicant and is transparent to the controller.
• The authentication server provides a database of information required for authentication and informs the authenticator to deny or permit access to the supplicant.
The 802.1X authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS)
server which can authenticate either users (through passwords or certificates) or the client computer.
An example of an 802.1X authentication server is the Internet Authentication Service (IAS) in Windows (see
http://technet.microsoft.com/en-us/library/cc759077(WS.10).aspx).
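The relay role described above can be illustrated with an added example (not taken from this guide or from ArubaOS): a pass-through authenticator reads only the EAP header and carries the supplicant's packet to the RADIUS server unchanged inside EAP-Message attributes, which is why the EAP method stays transparent to it. The function names and sample packets are constructed for illustration.

```python
import struct

# EAP codes and the method types named in this chapter (RFC 3748 / IANA registry).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
RADIUS_EAP_MESSAGE = 79   # RADIUS attribute type that carries EAP (RFC 3579)
MAX_ATTR_VALUE = 253      # a RADIUS attribute value holds at most 253 bytes


def parse_eap(packet: bytes) -> dict:
    """Decode the EAP header; the method payload is left opaque."""
    if len(packet) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code not in EAP_CODES or length < 4 or length > len(packet):
        raise ValueError("malformed EAP header")
    info = {"code": EAP_CODES[code], "id": ident, "length": length, "type": None}
    if code in (1, 2) and length >= 5:          # only Request/Response carry a Type
        info["type"] = EAP_TYPES.get(packet[4], f"type {packet[4]}")
    return info


def to_radius_attrs(packet: bytes) -> list[bytes]:
    """Wrap one EAP packet in EAP-Message attributes, unmodified, as a relay does."""
    length = parse_eap(packet)["length"]        # reject malformed input before relaying
    body = packet[:length]                      # drop any padding after the EAP length
    chunks = [body[i:i + MAX_ATTR_VALUE] for i in range(0, length, MAX_ATTR_VALUE)]
    return [bytes([RADIUS_EAP_MESSAGE, len(c) + 2]) + c for c in chunks]


def from_radius_attrs(attrs: list[bytes]) -> bytes:
    """Server side: concatenate EAP-Message values back into the EAP packet."""
    for a in attrs:
        if len(a) < 2 or a[0] != RADIUS_EAP_MESSAGE or a[1] != len(a):
            raise ValueError("not a well-formed EAP-Message attribute")
    return b"".join(a[2:] for a in attrs)


def build_eap(code: int, ident: int, eap_type: int, data: bytes) -> bytes:
    """Construct a sample Request/Response packet (test input only)."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), eap_type) + data


if __name__ == "__main__":
    # Constructed samples: an identity response and a 600-byte PEAP fragment.
    for pkt in (build_eap(2, 1, 1, b"alice@example.com"), build_eap(2, 2, 25, bytes(600))):
        attrs = to_radius_attrs(pkt)
        print(parse_eap(pkt), "->", len(attrs), "EAP-Message attribute(s)")
```

A real Access-Request that carries EAP-Message attributes must also include a Message-Authenticator attribute (RFC 3579); that integrity check is omitted here.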
In Dell user-centric networks, you can terminate the 802.1x authentication on the controller. The controller passes user authentication to its internal database or to a “backend” non-802.1X server. This feature, also called AAA FastConnect, is useful for deployments where an 802.1X EAP-compliant RADIUS server is not available or required for authentication.