Filter
Top Products
Performing Advanced Configuration Options for 802.1X
This section describes advanced configuration options for 802.1X authentication.
Configuring Reauthentication with Unicast Key Rotation
When enabled, unicast and multicast keys are updated after each reauthorization. It is a best practice to configure
the time intervals for reauthentication, multicast key rotation, and unicast key rotation to be at least 15 minutes.
Make sure these intervals are mutually prime, and the factor of the unicast key rotation interval and the multicast
key rotation interval is less than the reauthentication interval.
NOTE: Unicast key rotation depends upon both the AP/controller and wireless client behavior. It is known that some wireless NICs
have issues with unicast key rotation.
The following is an example of the parameters you can configure for reauthentication with unicast and multicast key
rotation:
l Reauthentication: Enabled
l Reauthentication Time Interval: 6011 Seconds
l Multicast Key Rotation: Enabled
l Multicast Key Rotation Time Interval: 1867 Seconds
l Unicast Key Rotation: Enabled
l Unicast Key Rotation Time Interval: 1021 Seconds
In the WebUI
1. Navigate to the Configuration > Security > Authentication > L2 Authentication page.
2. Select 802.1x Authentication Profile, then select the name of the profile you want to configure.
3. Select the Advanced tab. Enter the following values:
n Reauthentication Interval: 6011
n Multicast Key Rotation Time Interval: 1867
n Unicast Key Rotation Time Interval: 1021
n Multicast Key Rotation: (select)
n Unicast Key Rotation: (select)
n Reauthentication: (select)
4. Click Apply.
In the CLI
(host)(config) #aaa authentication dot1x profile
reauthentication
timer reauth-period 6011
unicast-keyrotation
timer ukey-rotation-period 1021
multicast-keyrotation
timer mkey-rotation-period 1867
DellPowerConnectW-SeriesArubaOS6.2 | User Guide 802.1XAuthentication | 220