Filter
Top Products
The 802.1X authentication profile configuration settings are divided into two tabs, Basic and Advanced. The
Basic tab displays only those configuration settings that often need to be adjusted to suit a specific network. The
Advanced tab shows all configuration settings, including settings that do not need frequent adjustment or should
be kept at their default values. If you change a setting on one tab then click and display the other tab without
saving your configuration, that setting will revert to its previous value.
Parameter Description
Basic 802.1x Authentication Settings
Max authentication failures Number of times a user can try to login with wrong credentials
after which the user is blacklisted as a security threat. Set to 0
to disable blacklisting, otherwise enter a non-zero integer to
blacklist the user after the specified number of failures. The range of allowed values is 0-5
failures, and the default value is 0 failures.
NOTE: This option may require a license.
Enforce Machine
Authentication
Select the Enforce Machine Authentication option to require
machine authentication. This option is also available on the Basic settings tab.
NOTE: This option may require a license.
Machine Authentication:
Default Machine Role
Default role assigned to the user after completing only machine authentication. The default
role for this setting is the “guest” role.
Machine Authentication:
Default User Role
Default role assigned to the user after 802.1x authentication. The default role for this setting is
the “guest” role.
Reauthentication Select the Reauthentication checkbox to force the client to do a 802.1X reauthentication after
the expiration of the default timer for reauthentication. (The default value of the timer is 24
hours.) If the user fails to reauthenticate with valid credentials, the state of the user is cleared.
If derivation rules are used to classify 802.1x-authenticated users, then the reauthentication
timer per role overrides this setting.
This option is disabled by default.
Termination Select the Termination checkbox to allow 802.1X authentication to terminate on the controller.
This option is disabled by default.
Termination EAP-Type If termination is enabled, click either EAP-PEAP or EAP-TLS to select a Extensible
Authentication Protocol (EAP) method.
Termination Inner EAP-
Type
If you are using EAP-PEAP as the EAP method, specify one of the following
inner EAP types:
l eap-gtc: Described in RFC 2284, this EAP method permits the transfer of unencrypted
l usernames and passwords from client to server. The main uses for EAP-GTC are one-time
token cards such as SecureID and the use of LDAP or RADIUS as the user authentication
server. You can also enable caching of user credentials on the controller as a backup to
an external authentication server.
l eap-mschapv2: Described in RFC 2759, this EAP method is widely supported by Microsoft
clients.
Enforce Suite-B 128 bit or
more security level
Authentication
Configure Suite-B 128 bit or more security level authentication enforcement.
Enforce Suite-B 128 bit or
more security level
Authentication
Configure Suite-B 192 bit security level authentication enforcement.
Table 61:
802.1x Authentication Profile Basic WebUI Parameters
DellPowerConnectW-SeriesArubaOS6.2 | User Guide 802.1XAuthentication | 196