Filter
Top Products
termination {eap-type <type>}|enable|enable-token-caching|{inner-eap-type (eapgtc|
eap-mschapv2)}|{token-caching-period <hours>}
timer {idrequest_period <seconds>}|{mkey-rotation-period <seconds>}|{quiet-period
<seconds>}|{reauth-period <seconds>}|{ukey-rotation-period <seconds>}|{wpagroupkey-
delay <seconds>}|{wpa-key-period <milliseconds>}
tls-guest-access
tls-guest-role <role>
unicast-keyrotation
use-session-key
use-static-key
validate-pmkid
voice-aware
wep-key-retries <number>
wep-key-size {40|128}
wpa-fast-handover
wpa-key-retries <number>
xSec-mtu <mtu>
Configuring and Using Certificates with AAA FastConnect
The controller supports 802.1x authentication using digital certificates for AAA FastConnect.
l Server Certificate—A server certificate installed in the controller verifies the authenticity of the controller for
802.1x authentication. Dell controllers ship with a demonstration digital certificate. Until you install a
customer-specific server certificate in the controller, this demonstration certificate is used by default for all secure
HTTP connections (such as the WebUI and captive portal) and AAA FastConnect. This certificate is included
primarily for the purposes of feature demonstration and convenience and is not intended for long-term use in
production networks. Users in a production environment are urged to obtain and install a certificate issued for
their site or domain by a well-known certificate authority (CA). You can generate a Certificate Signing Request
(CSR) on the controller to submit to a CA. For information on how to generate a CSR and how to import the
CA-signed certificate into the controller, see "Managing Certificates" on page 635
l Client Certificates—Client certificates are verified on the controller (the client certificate must be signed by a
known CA) before the user name is checked on the authentication server. To use client certificate authentication
for AAA FastConnect, you need to import the following certificates into the controller (see "Importing
Certificates" on page 637):
n Controller’s server certificate
n CA certificate for the CA that signed the client certificates
In the WebUI
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page.
2. In the Profiles list, select 802.1x Authentication Profile.
3. Select the “default” 802.1x authentication profile from the drop-down menu to display configuration parameters.
4. In the Basic tab, select Termination.
5. Select the Advanced Tab.
6. In the Server-Certificate field, select the server certificate imported into the controller.
7. In the CA-Certificate field, select the CA certificate imported into the controller.
8. Click Save As. Enter a name for the 802.1x authentication profile.
9. Click Apply.
In the CLI
(host)(config) #aaa authentication dot1x <profile>
termination enable
DellPowerConnectW-SeriesArubaOS6.2 | User Guide 802.1XAuthentication | 200