Dell 6.2 Server User Manual


 
199 | 802.1X Authentication | Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
| Parameter | Description |
|---|---|
| | for the cached information. The default value is 24 hours. |
| CA-Certificate | Click the CA-Certificate drop-down list and select a certificate for client authentication. The CA certificate needs to be loaded in the controller before it will appear on this list. |
| Server-Certificate | Click the Server-Certificate drop-down list and select a server certificate the controller will use to authenticate itself to the client. |
| TLS Guest Access | Select TLS Guest Access to enable guest access for EAP-TLS users with valid certificates. This option is disabled by default. |
| TLS Guest Role | Click the TLS Guest Role drop-down list and select the default user role for EAP-TLS guest users. This option may require a license. |
| Ignore EAPOL-START after authentication | Select Ignore EAPOL-START after authentication to ignore EAPOL-START messages after authentication. This option is disabled by default. |
| Handle EAPOL-Logoff | Select Handle EAPOL-Logoff to enable handling of EAPOL-LOGOFF messages. This option is disabled by default. |
| Ignore EAP ID during negotiation | Select Ignore EAP ID during negotiation to ignore EAP IDs during negotiation. This option is disabled by default. |
| WPA-Fast-Handover | Select this option to enable WPA-fast-handover on phones that support this feature. WPA fast-handover is disabled by default. |
| Disable rekey and reauthentication for clients on call | This feature disables rekey and reauthentication for VoWLAN clients. It is disabled by default, meaning that rekey and reauthentication are enabled. NOTE: This option may require a license. |
| Check certificate common name against AAA server | If you use client certificates for user authentication, enable this option to verify that the certificate's common name exists in the server. This parameter is enabled by default in the default-cap and default-rap VPN profiles, and disabled by default on all other VPN profiles. |
In the CLI
The following command configures settings for an 802.1X authentication profile. Individual parameters are
described in the previous table.
(host)(config) #aaa authentication dot1x {<profile>|countermeasures}
   ca-cert <certificate>
   clear
   clone <profile>
   eapol-logoff
   framed-mtu <mtu>
   heldstate-bypass-counter <number>
   ignore-eap-id-match
   ignore-eapolstart-afterauthentication
   machine-authentication blacklist-on-failure|{cache-timeout <hours>}|enable|{machine-default-role <role>}|{user-default-role <role>}
   max-authentication-failures <number>
   max-requests <number>
   multicast-keyrotation
   no ...
   opp-key-caching
   reauth-max <number>
   reauthentication
   server {server-retry <number>|server-retry-period <seconds>}
   server-cert <certificate>
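An added example, not taken from the Dell/Aruba guide: a Python check that reads 802.1X profile stanzas and reports options the table documents as disabled by default that have been switched on, plus profiles with no ca-cert or server-cert selected. It uses only keywords from the syntax listing above; the stanza layout of SAMPLE and the profile and certificate names are constructed assumptions.

```python
import re

# CLI keywords from the syntax listing whose table rows say "disabled by default".
DEFAULT_OFF = {
    "eapol-logoff": "Handle EAPOL-Logoff",
    "ignore-eap-id-match": "Ignore EAP ID during negotiation",
    "ignore-eapolstart-afterauthentication": "Ignore EAPOL-START after authentication",
}
CERT_KEYS = ("ca-cert", "server-cert")

# Constructed sample; the stanza layout and all names are assumptions.
SAMPLE = '''\
aaa authentication dot1x "corp-dot1x"
   ca-cert "corp-root-ca"
   server-cert "controller-cert"
!
aaa authentication dot1x "legacy-voice"
   ignore-eap-id-match
   ignore-eapolstart-afterauthentication
   server-cert "controller-cert"
!
'''


def parse_profiles(config_text):
    """Return {profile: {keyword: argument or True}} for each dot1x stanza."""
    profiles, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        header = re.match(r'aaa authentication dot1x\s+"?([^"]+)"?$', line)
        if header:
            current = profiles.setdefault(header.group(1), {})
        elif not raw[:1].isspace():      # "!" or any unindented line ends the stanza
            current = None
        elif current is not None and line:
            if line.startswith("no "):   # "no <keyword>" restores the default
                current.pop(line[3:].split()[0], None)
            else:
                key, _, arg = line.partition(" ")
                current[key] = arg.strip().strip('"') or True
    return profiles


def audit(config_text):
    """Return {profile: [findings]}; an empty list means nothing to review."""
    report = {}
    for name, opts in parse_profiles(config_text).items():
        found = [f"{kw}: '{label}' is on (disabled by default)"
                 for kw, label in DEFAULT_OFF.items() if kw in opts]
        report[name] = found + [f"{kw}: not set" for kw in CERT_KEYS if kw not in opts]
    return report
```

Calling `audit(SAMPLE)` gives an empty list for `corp-dot1x` and three findings for `legacy-voice`.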