Filter
Top Products
671 | AdvancedSecurity DellPowerConnectW-SeriesArubaOS6.2 | User Guide
protocol during 802.1x exchanges with the controller. (Dell controllers support 802.1x for both wired and wireless
clients.) Upon successful client authentication, an xSec tunnel is established between the controller and the client.
The authenticated client is placed into a configured VLAN, which determines the client’s DHCP server, IP address,
and Layer-2 connection. For wireless xSec clients, the VLAN is the user VLAN configured for the WLAN. For wired
xSec clients and wireless xSec clients that connect to the controller through a non-Dell AP, the VLAN is a
designated xSec VLAN. The VLAN can also be derived from configured RADIUS server-derivation rules or from
Vendor-Specific Attributes (VSAs). Once an xSec tunnel is established, a DHCP server assigns the xSec client an IP
address from the address pool on the VLAN to which the client is assigned. All traffic between the client and the
controller is then encrypted.
The following sections describe how to configure xSec on the controller for wireless and wired clients.
Securing Wireless Clients
The following are the basic steps for configuring the controller for xSec wireless clients:
1. Configure the user VLAN to which the authenticated clients will be assigned. See Network Configuration
Parameters on page 108 for more information.
2. Configure the user role for the authenticated xSec clients. See Roles and Policies on page 296for information.
3. Configure the server group that will be used to authenticate clients using 802.1x. See Authentication Servers on
page 168 for more information
4. Configure the AAA profile to specify the 802.1x default user role. Specify the 802.1x authentication server group.
NOTE: You can configure the 802.1x authentication profile if necessary. See 802.1X Authentication on page 192 for more
information.
5. Configure the virtual AP profile for the WLAN. Specify the previously-configured user VLAN. Only xSec clients
will be allowed to connect to the WLAN and non-xSec connections are dropped.
a. Specify the previously-configured AAA profile.
b. Configure the SSID profile with xSec as the authentication.
6. Install and set up the Odyssey Client on the wireless client.
Figure 276 is an example network where a wireless xSec client is assigned to the user VLAN 20 and the user role
“employee” upon successful 802.1x authentication. VLAN 1 includes the port on the controller that connects to the
wired network on which the AP is installed. (APs can connect to the controller across either a Layer-2 or Layer-3
network.)
Figure 276: Wireless xSec Client Example
The following sections describe how to use the WebUI or CLI to configure the AAA profile and virtual AP profile
for this example. Other chapters in this manual describe the configuration of the user role, VLAN, authentication
servers and server group, and 802.1x authentication profile.
In the WebUI
1. Navigate to the Configuration > Security > Authentication > AAA Profiles page.
a. To create a new AAA profile, click Add in the AAA Profiles Summary.
b. Enter a name for the profile (for example, xsec-wireless), and click Add.
c. To configure the AAA profile, click on the newly-created profile name.