Dell 6.2 Server User Manual


 
• Machine authentication default user role (in 802.1x authentication profile): guest
Role assignments would be as follows:
• If both machine and user authentication succeed, the role is dot1x_user. If there is a server-derived role, the
  server-derived role takes precedence.
• If only machine authentication succeeds, the role is dot1x_mc.
• If only user authentication succeeds, the role is guest.
• On failure of both machine and user authentication, the user does not have access to the network.
With machine authentication enabled, the VLAN to which a client is assigned (and from which the client obtains
its IP address) depends upon the success or failure of the machine and user authentications. The VLAN that is
ultimately assigned to a client can also depend upon attributes returned by the authentication server or server
derivation rules configured on the controller (see "Understanding VLAN Assignments" on page 117). If machine
authentication is successful, the client is assigned the VLAN configured in the virtual AP profile. However, the client
can be assigned a derived VLAN upon successful user authentication.
NOTE: You can optionally assign a VLAN as part of a user role configuration. You should not use VLAN derivation if you
configure user roles with VLAN assignments.
Table 63 describes VLAN assignment based on the results of the machine and user authentications when VLAN
derivation is used.
| Machine Auth Status | User Auth Status | Description | VLAN Assigned |
|---|---|---|---|
| Failed | Failed | Both machine authentication and user authentication failed. L2 authentication failed. | No VLAN |
| Failed | Passed | Machine authentication fails (for example, the machine information is not present on the server) and user authentication succeeds. | VLAN configured in the virtual AP profile |
| Passed | Failed | Machine authentication succeeds and user authentication has not been initiated. | VLAN configured in the virtual AP profile |
| Passed | Passed | Both machine and user are successfully authenticated. | Derived VLAN. Otherwise, VLAN configured in the virtual AP profile. |

Table 63: VLAN Assignment for User and Machine Authentication
NOTE: The administrator can now associate a VLAN ID with client data based on the authentication credentials in bridge mode.
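The role rules and Table 63 above can be written as one decision function and used to check observed client sessions against the outcome the configuration should produce. The following Python is an added example, not part of this guide or of ArubaOS. The session record format, the function names, and applying the server-derived role only when both authentications succeed are assumptions.

```python
"""Model of the role and VLAN outcomes described above (added example)."""
from typing import NamedTuple, Optional

# Role names taken from the page's example configuration.
ROLE_BOTH, ROLE_MACHINE_ONLY, ROLE_USER_ONLY = "dot1x_user", "dot1x_mc", "guest"

class Outcome(NamedTuple):
    role: Optional[str]   # None means no network access
    vlan: Optional[int]   # None means no VLAN assigned

def expected_outcome(machine_ok: bool, user_ok: bool, vap_vlan: int,
                     server_role: Optional[str] = None,
                     derived_vlan: Optional[int] = None) -> Outcome:
    """Return the role/VLAN that the role rules and Table 63 predict."""
    if machine_ok and user_ok:
        # Server-derived role and derived VLAN take precedence when present.
        return Outcome(server_role or ROLE_BOTH, derived_vlan or vap_vlan)
    if machine_ok:
        return Outcome(ROLE_MACHINE_ONLY, vap_vlan)
    if user_ok:
        return Outcome(ROLE_USER_ONLY, vap_vlan)
    return Outcome(None, None)  # L2 authentication failed

def audit(sessions: list, vap_vlan: int) -> list:
    """Return (client, observed, expected) for sessions that deviate."""
    findings = []
    for s in sessions:
        want = expected_outcome(s["machine_ok"], s["user_ok"], vap_vlan,
                                s.get("server_role"), s.get("derived_vlan"))
        got = Outcome(s["role"], s["vlan"])
        if got != want:
            findings.append((s["client"], got, want))
    return findings

# Constructed sample sessions (hypothetical record format, not controller output).
SAMPLE = [
    {"client": "laptop-a", "machine_ok": True, "user_ok": True,
     "derived_vlan": 30, "role": "dot1x_user", "vlan": 30},
    {"client": "byod-b", "machine_ok": False, "user_ok": True,
     "role": "dot1x_user", "vlan": 30},   # should be guest on the VAP VLAN
    {"client": "kiosk-c", "machine_ok": True, "user_ok": False,
     "role": "dot1x_mc", "vlan": 10},
]

if __name__ == "__main__":
    for client, got, want in audit(SAMPLE, vap_vlan=10):
        print(f"{client}: observed {got}, expected {want}")
```

A session flagged by `audit` holds a role or VLAN that its authentication state does not justify, such as a device that passed only user authentication but sits in the dot1x_user role.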
Enabling 802.1x Supplicant Support on an AP
This release of ArubaOS provides 802.1X supplicant support on the Access Point (AP). The AP can be used as an
802.1X supplicant where access to the wired Ethernet network is restricted to those devices that can authenticate
using 802.1X. You can provision an AP to act as an 802.1X supplicant and authenticate to the infrastructure using
the PEAP protocol.
Dell PowerConnect W-Series ArubaOS 6.2 | User Guide 802.1X Authentication | 202