Dell 6.2 Server User Manual


 
195 | 802.1X Authentication    Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
- EAP-Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAPv2): Described in RFC
2759, this EAP method is widely supported by Microsoft clients. A RADIUS server must be used as the
backend authentication server.
If you are using the controller’s internal database for user authentication, you need to add the names and passwords
of the users to be authenticated. If you are using an LDAP server for user authentication, you need to configure the
LDAP server on the controller, and configure user IDs and passwords. If you are using a RADIUS server for user
authentication, you need to configure the RADIUS server on the controller.
Configuring 802.1X Authentication
On the controller, use the following steps to configure a wireless network that uses 802.1X authentication:
1. Configure the VLANs to which the authenticated users will be assigned. See "Network Configuration Parameters"
on page 108.
2. Configure policies and roles. You can specify a default role for users who are successfully authenticated using
802.1X. You can also configure server derivation rules to assign a user role based on attributes returned by the
authentication server; server-derived user roles take precedence over default roles. For more information about
policies and roles, see "Roles and Policies" on page 296.
NOTE: The Policy Enforcement Firewall Virtual Private Network (PEFV) module provides identity-based security for wired and
wireless users and must be installed on the controller. The stateful firewall allows user classification based on user identity, device
type, location and time of day and provides differentiated access for different classes of users. For information about obtaining and
installing licenses, see "Software Licenses" on page 100.
3. Configure the authentication server(s) and server group. The server can be an 802.1X RADIUS server or, if you
are using AAA FastConnect, a non-802.1X server or the controller’s internal database. If you are using EAP-GTC
within a PEAP tunnel, you can configure an LDAP or RADIUS server as the authentication server (see
"Authentication Servers" on page 168). If you are using EAP-TLS, you need to import server and CA certificates
on the controller (see "Configuring and Using Certificates with AAA FastConnect" on page 200).
4. Configure the AAA profile.
   - Select the 802.1X default user role.
   - Select the server group you previously configured for the 802.1X authentication server group.
5. Configure the 802.1X authentication profile. See "In the WebUI" on page 215.
6. Configure the virtual AP profile for an AP group or for a specific AP:
   - Select the AAA profile you previously configured.
   - In the SSID profile, configure the WLAN for 802.1X authentication.
For details on how to complete the above steps, see "Sample Configurations" on page 204.
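The six steps above as a minimal CLI sketch. This is an added example, not taken from this guide: every object name, the VLAN ID, the server address and the shared-secret placeholder are assumptions, and it assumes a user role named dot1x-user was already created in step 2. Lines beginning with "!" are annotations for the reader, not commands.

```text
! Step 1: VLAN for authenticated users (VLAN ID is a constructed value)
vlan 60
!
! Step 3: RADIUS server and server group (address and key are placeholders)
aaa authentication-server radius "rad-1"
   host 192.0.2.10
   key <shared-secret>
!
aaa server-group "dot1x-servers"
   auth-server "rad-1"
!
! Step 5: 802.1X authentication profile, left at its default settings
aaa authentication dot1x "corp-dot1x"
!
! Step 4: AAA profile binds the default role, the 802.1X profile and the server group
aaa profile "corp-aaa"
   authentication-dot1x "corp-dot1x"
   dot1x-default-role "dot1x-user"
   dot1x-server-group "dot1x-servers"
!
! Step 6: SSID profile, virtual AP, and the AP group that carries it
wlan ssid-profile "corp-ssid"
   essid "corp-wlan"
   opmode wpa2-aes
!
wlan virtual-ap "corp-vap"
   aaa-profile "corp-aaa"
   ssid-profile "corp-ssid"
   vlan 60
!
ap-group "default"
   virtual-ap "corp-vap"
```

The role named in dot1x-default-role applies only when no server derivation rule matches, since server-derived roles take precedence over the default role.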
In the WebUI
This section describes how to create and configure a new instance of an 802.1X authentication profile in the WebUI
or the CLI.
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page.
2. In the Profiles list, select 802.1X Authentication Profile.
3. Enter a name for the profile, then click Add.
4. Click Apply.
5. In the Profiles list, select the 802.1X authentication profile you just created.
6. Change the settings described in Table 61 as desired, then click Apply.