Configuration manual

ManualsBrandsDell ManualsComputer equipmentPowerConnect W-AirWave 7.4

Dell PowerConnect W-AirWave 7.4 | Configuration Guide Configuration Reference | 51

3. Select Add or Save. The added or edited AAA profile appears on the AAA Profiles page.

Profiles > AAA > 802.1x Auth

802.1x authentication consists of three components:

 The supplicant, or client, is the device attempting to gain access to the network. You can configure the Dell

PowerConnect W user-centric network to support 802.1x authentication for wired users as well as wireless

users.

 The authenticator is the gatekeeper to the network and permits or denies access to the supplicants. The Dell

PowerConnect W controller acts as the authenticator, relaying information between the authentication server

and supplicant. The EAP type must be consistent between the authentication server and supplicant and is

transparent to the controller.

 The authentication server provides a database of information required for authentication and informs the

authenticator to deny or permit access to the supplicant.

The 802.1x authentication server is typically an EAP-compliant Remote Access Dial-In User Service (RADIUS)

server which can authenticate either users (through passwords or certificates) or the client computer.

An example of an 802.1x authentication server is the Internet Authentication Service (IAS) in Windows (see

http://technet2.microsoft.com/windowsserver/en/technologies/ias.mspx).

SIP Authentication Role None Select the role to function for SIP authentication. The controller supports the stateful

tracking of session initiation protocol (SIP) authentication between a SIP client and a

SIP registry server. Upon successful registration, a user role is assigned to the SIP

client. Select the add icon to create a new role, or click the pencil icon to edit an

existing role.

This setting requires a voice service license.

Enforce DHCP When you select this option, clients must obtain an IP using DHCP before they are

allowed to associate to an AP. Enable this option when you create a user rule that

assigns a specific role or VLAN based upon the client device’s type.

NOTE: If a client is removed from the user table by the “Logon user lifetime” AAA

timer, then that client will not be able to send traffic until it renews its DHCP.

Radius Interim

Accounting

By default, the RADIUS accounting feature sends only start and stop messages to the

RADIUS accounting server. Issue the interim-radius-accounting command to allow

the controller to send Interim-Update messages with current user statistics to the

server at regular intervals. Requires a minimum version of 6.1.0.0.

Device Type

Classification

When you select this option, the controller will parse user-agent strings and attempt

to identify the type of device connecting to the AP. When the device type

classification is enabled, the Global client table shown in the Monitoring >Network >

All WLAN Clients window shows each client’s device type, if that client device can be

identified. Requires a minimum version of 6.0.1.0.

L2 Authentication Fail

through

When MAC authentication fails, enable this option to perform 802.1x authentication.

Requires a minimum version of 6.1.0.0.

XML API Servers

XML API Servers Select the XML API server to support the AAA profile being configured, if required.

This section is blank if there are no XML API servers.

RFC 3576 Servers

RFC 3576 Servers Select the RFC 3576 RADIUS server to support the AAA profile being configured, if

required. This section is blank if there are no such servers.

Table 8 Profiles > AAA > New AAA Profile Settings (Continued)

Field Default Description