User's Manual
In the CLI
interface fastethernet|gigabitethernet slot/port
switchport access vlan 1
xsec vlan 20
aaa profile xsec-wired
authentication-dot1x xsec-wired-dot1x
d>ot1x-default-role employee
d>ot1x-server-group xsec-svrs
aaa authentication wired
profile xsec-wired
Securing Wireless Clients Through Non-Dell APs
If xSec clients are connecting through a non-Dell AP, you need to configure the controller port to which the AP
is connected. The AP must be configured for no (opensystem) authentication.
The following are the basic steps for configuring the controller for xSec wireless clients connecting through a
non-Dell AP:
1. Configure the VLAN to which the authenticated clients will be assigned. See Network Configuration
Parameters on page 148for information.
This VLAN must have an IP interface, and is a different VLAN from the port’s “native” VLAN that provides
connectivity to the network.
2. Configure the user role for the authenticated xSec clients. See Roles and Policies on page 364 for
information.
3. Configure the server group that will be used to authenticate clients using 802.1x. See Authentication
Servers on page 225 for more information.
4. Configure the controller port that connects to the wired network on which the non-Dell AP is installed.
Specify the VLAN to which the authenticated xSec clients are assigned.
The ingress and egress ports for xSec client traffic must be different physical ports on the controller.
5. Configure the AAA profile to specify the 802.1x default user role and the 802.1x authentication server
group.
6. Configure the wired authentication profile to use the AAA profile.
7. Install and set up the Odyssey Client on the wireless client.
The following sections describe how to use the WebUI or CLI to configure the controller port and AAA and
wired authentication profiles for wireless clients connecting with non-Dell APs. Other chapters in this manual
describe the configuration of the user role, VLAN, authentication servers and server group, and 802.1x
authentication profile.
In the WebUI
1. Navigate to the Configuration > Networks > Ports page to configure the port to which the wireless xSec
client(s) are connected.
a. Click the port that you want to configure.
b. Make sure the Enable Port checkbox is selected.
c. For Enter VLAN(s), select the native VLAN (for example, VLAN 1) on the port to ensure Layer-2
connectivity to the network.
d. For xSec VLAN, select the VLAN to which authenticated users are assigned from the drop-down menu
(for example, VLAN 20)
e. Click Apply.
2. Navigate to the Configuration > Security > Authentication > AAA Profiles page to configure the AAA
profile.
Dell Networking W-Series ArubaOS 6.4.x | User Guide Advanced Security | 867